52e84685350b6d7ec1885f187fdd8417994ce653566555472fe98b4a8bde8eaa

Analysis

max time kernel
1800s
max time network
1514s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23/04/2024, 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-04-23 3.45.58 PM.png
Size

360KB
MD5

5641fde0bd72e9594a5656d9d630d883
SHA1

a26e86d9e143c67cb9cdfce554a8373b72ec6fdc
SHA256

52e84685350b6d7ec1885f187fdd8417994ce653566555472fe98b4a8bde8eaa
SHA512

797c07db95a5a9f0ed254a607a4dc0e4b8aa398b3868eaffbe2c541be28b316212732472340e2afefefcef9c4e827e51c435ba2a7522bedda51e5994617f09c3
SSDEEP

6144:Zwcq+lFhJB1HkuA/jXbOXrMoX9fRiAKyTilfiv+AvrV/GRKuVfnokI+2Dcjmx:5hfTA3OXrfNJiANVv5vrViXlicjmx

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 35 IoCs

pid	Process
4816	DiscordSetup.exe
5532	Update.exe
1992	Discord.exe
5616	Discord.exe
5980	Update.exe
5892	Discord.exe
5976	Discord.exe
1564	Update.exe
4908	Discord.exe
2688	Discord.exe
6140	Discord.exe
6088	Discord.exe
5976	Discord.exe
3808	Discord.exe
5884	Discord.exe
2928	Discord.exe
3812	Discord.exe
6948	Update.exe
7040	Discord.exe
7100	Discord.exe
7196	Discord.exe
7292	Discord.exe
7312	Discord.exe
7324	Discord.exe
7876	Update.exe
7884	Update.exe
8164	Discord.exe
8172	Discord.exe
5180	Discord.exe
460	Discord.exe
2356	Discord.exe
5060	Discord.exe
8792	Discord.exe
8780	Discord.exe
8212	Discord.exe

Loads dropped DLL 56 IoCs

pid	Process
1992	Discord.exe
5616	Discord.exe
5892	Discord.exe
5976	Discord.exe
5892	Discord.exe
5892	Discord.exe
5892	Discord.exe
5892	Discord.exe
4908	Discord.exe
2688	Discord.exe
4908	Discord.exe
6140	Discord.exe
6088	Discord.exe
6140	Discord.exe
6140	Discord.exe
6140	Discord.exe
6140	Discord.exe
5976	Discord.exe
3808	Discord.exe
5976	Discord.exe
5884	Discord.exe
5976	Discord.exe
2928	Discord.exe
3812	Discord.exe
3812	Discord.exe
7040	Discord.exe
7100	Discord.exe
7040	Discord.exe
7196	Discord.exe
7292	Discord.exe
7312	Discord.exe
7324	Discord.exe
7196	Discord.exe
7196	Discord.exe
7196	Discord.exe
7196	Discord.exe
7312	Discord.exe
7312	Discord.exe
8164	Discord.exe
8172	Discord.exe
5180	Discord.exe
460	Discord.exe
2356	Discord.exe
460	Discord.exe
460	Discord.exe
460	Discord.exe
460	Discord.exe
5060	Discord.exe
8792	Discord.exe
8780	Discord.exe
8792	Discord.exe
8792	Discord.exe
8792	Discord.exe
8792	Discord.exe
8212	Discord.exe
8212	Discord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
16	discord.com
27	discord.com
28	discord.com
44	discord.com

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Discord.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Discord.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Discord.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Discord.exe

Drops file in Windows directory 14 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_740835495\manifest.json	Discord.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_4908_1827067230\oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3	Discord.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_4908_39013244\neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_2128604221\manifest.json	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_2128604221\manifest.fingerprint	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_740835495\_platform_specific\win_x64\widevinecdm.dll.sig	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_740835495\_platform_specific\win_x64\widevinecdm.dll	Discord.exe
File opened for modification	C:\Windows\SystemTemp	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_740835495\_metadata\verified_contents.json	Discord.exe
File opened for modification	C:\Windows\SystemTemp	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_2128604221\Google.Widevine.CDM.dll	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_2128604221\_metadata\verified_contents.json	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_740835495\LICENSE	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_740835495\manifest.fingerprint	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 27 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9142\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\URL Protocol	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9142\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\DefaultIcon	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9142\\Discord.exe\",-1"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9142\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Discord\shell\open	reg.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry

T1112

pid	Process
2424	reg.exe
412	reg.exe
1996	reg.exe
3760	reg.exe
1944	reg.exe
5956	reg.exe
5528	reg.exe
5900	reg.exe
2824	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
7896	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
4908	Discord.exe
4908	Discord.exe
4908	Discord.exe
4908	Discord.exe
4908	Discord.exe
4908	Discord.exe
4908	Discord.exe
4908	Discord.exe
4908	Discord.exe
4908	Discord.exe
5976	Discord.exe
5976	Discord.exe
3812	Discord.exe
3812	Discord.exe
3812	Discord.exe
3812	Discord.exe
7040	Discord.exe
7040	Discord.exe
7040	Discord.exe
7040	Discord.exe
7040	Discord.exe
7040	Discord.exe
7040	Discord.exe
7040	Discord.exe
7040	Discord.exe
7040	Discord.exe
7312	Discord.exe
7312	Discord.exe
8172	Discord.exe
8172	Discord.exe
8172	Discord.exe
8172	Discord.exe
8172	Discord.exe
8172	Discord.exe
8172	Discord.exe
8172	Discord.exe
8172	Discord.exe
8172	Discord.exe
8164	Discord.exe
8164	Discord.exe
8164	Discord.exe
8164	Discord.exe
8164	Discord.exe
8164	Discord.exe
8164	Discord.exe
8164	Discord.exe
8164	Discord.exe
8164	Discord.exe
8212	Discord.exe
8212	Discord.exe
8212	Discord.exe
8212	Discord.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3076	firefox.exe
Token: SeDebugPrivilege	3076	firefox.exe
Token: SeDebugPrivilege	5532	Update.exe
Token: SeDebugPrivilege	5532	Update.exe
Token: SeDebugPrivilege	5532	Update.exe
Token: SeDebugPrivilege	5980	Update.exe
Token: SeDebugPrivilege	5980	Update.exe
Token: SeDebugPrivilege	5980	Update.exe
Token: SeDebugPrivilege	5980	Update.exe
Token: SeDebugPrivilege	5980	Update.exe
Token: SeDebugPrivilege	5980	Update.exe
Token: SeDebugPrivilege	5980	Update.exe
Token: SeDebugPrivilege	5980	Update.exe
Token: SeDebugPrivilege	5980	Update.exe
Token: SeShutdownPrivilege	1992	Discord.exe
Token: SeCreatePagefilePrivilege	1992	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe
Token: SeShutdownPrivilege	4908	Discord.exe
Token: SeCreatePagefilePrivilege	4908	Discord.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3076	firefox.exe
3076	firefox.exe
3076	firefox.exe
3076	firefox.exe
3076	firefox.exe
5532	Update.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3076	firefox.exe
3076	firefox.exe
3076	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3076	firefox.exe
3076	firefox.exe
3076	firefox.exe
3076	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 5088	3868	private_browsing.exe	84
PID 3868 wrote to memory of 5088	3868	private_browsing.exe	84
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 5088 wrote to memory of 3076	5088	firefox.exe	85
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 2800	3076	firefox.exe	86
PID 3076 wrote to memory of 1916	3076	firefox.exe	87
PID 3076 wrote to memory of 1916	3076	firefox.exe	87
PID 3076 wrote to memory of 1916	3076	firefox.exe	87
PID 3076 wrote to memory of 1916	3076	firefox.exe	87
PID 3076 wrote to memory of 1916	3076	firefox.exe	87
PID 3076 wrote to memory of 1916	3076	firefox.exe	87
PID 3076 wrote to memory of 1916	3076	firefox.exe	87
PID 3076 wrote to memory of 1916	3076	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-04-23 3.45.58 PM.png"
1⤵
PID:2624

C:\Program Files\Mozilla Firefox\private_browsing.exe
"C:\Program Files\Mozilla Firefox\private_browsing.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -private-window
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -private-window
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3076
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3076.0.1105893527\1655882214" -parentBuildID 20230214051806 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a667a37-4f43-4bd2-b081-e23e6fa12d8c} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" 1828 1e24860d558 gpu
      4⤵
      PID:2800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3076.1.1598268447\784290099" -parentBuildID 20230214051806 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae0ab752-3186-4f91-bd51-206cd97e404d} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" 2352 1e23b98ae58 socket
      4⤵
      PID:1916
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3076.2.1109502708\2087107684" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2976 -prefsLen 22925 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58397ccf-779b-4312-8731-95187ce3d4da} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" 2952 1e24b451658 tab
      4⤵
      PID:1476
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3076.3.1301149450\1766780303" -childID 2 -isForBrowser -prefsHandle 3364 -prefMapHandle 3360 -prefsLen 27576 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4bda150-a82f-4a84-b598-221cfef7bc94} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" 3584 1e23b941e58 tab
      4⤵
      PID:5072
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3076.4.352321624\585282857" -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5188 -prefsLen 27632 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {740a8820-bc98-48d2-baf2-def6a8672785} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" 5248 1e251082558 tab
      4⤵
      PID:2624
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3076.5.1159586706\1093880741" -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5472 -prefsLen 27632 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {480190a0-1837-4a93-b2b5-776145336f74} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" 5484 1e251082e58 tab
      4⤵
      PID:3768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3076.6.1357812649\1225751120" -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 27632 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a55ce68a-d43a-4ca3-8d64-c516f95b357a} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" 5380 1e2510a1558 tab
      4⤵
      PID:3880
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3076.7.1572722520\888674443" -childID 6 -isForBrowser -prefsHandle 5888 -prefMapHandle 5884 -prefsLen 27792 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfef6e67-2edc-409a-a385-5f6e3974a91f} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" 5900 1e250b97858 tab
      4⤵
      PID:5644
  - - C:\Users\Admin\Downloads\DiscordSetup.exe
      "C:\Users\Admin\Downloads\DiscordSetup.exe"
      4⤵
      Executes dropped EXE
      PID:4816
    - - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
        
        "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --squirrel-install 1.0.9142
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9142 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x510,0x514,0x518,0x508,0x51c,0x7ff61c9e3108,0x7ff61c9e3114,0x7ff61c9e3120
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Discord\Update.exe
        
        C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2072 --field-trial-handle=2076,i,5473636032301852408,6425933536892969920,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2660 --field-trial-handle=2076,i,5473636032301852408,6425933536892969920,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5976
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
        7⤵
        Adds Run key to start application
        Modifies registry key
        
        PID:1996
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
        7⤵
        Modifies registry class
        Modifies registry key
        
        PID:1944
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
        7⤵
        Modifies registry class
        Modifies registry key
        
        PID:3760
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe\",-1" /f
        7⤵
        Modifies registry class
        Modifies registry key
        
        PID:5528
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe\" --url -- \"%1\"" /f
        7⤵
        Modifies registry class
        Modifies registry key
        
        PID:5956

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:1564
- C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4908
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9142 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x518,0x51c,0x520,0x510,0x524,0x7ff61c9e3108,0x7ff61c9e3114,0x7ff61c9e3120
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2688
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2352 --field-trial-handle=2356,i,16632467271042439667,8313930049192609560,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6140
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=2388 --field-trial-handle=2356,i,16632467271042439667,8313930049192609560,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6088
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2848 --field-trial-handle=2356,i,16632467271042439667,8313930049192609560,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5976
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:5900
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=2356,i,16632467271042439667,8313930049192609560,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3808
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:2424
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3460 --field-trial-handle=2356,i,16632467271042439667,8313930049192609560,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5884
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3628 --field-trial-handle=2356,i,16632467271042439667,8313930049192609560,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2928
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe\",-1" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:412
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe\" --url -- \"%1\"" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:2824
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3872 --field-trial-handle=2356,i,16632467271042439667,8313930049192609560,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:3812

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:6948
- C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:7040
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9142 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x4fc,0x500,0x504,0x4f4,0x508,0x7ff61c9e3108,0x7ff61c9e3114,0x7ff61c9e3120
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:7100
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1780 --field-trial-handle=1784,i,14162305567205261708,13122399554520861193,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:7196
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=1868 --field-trial-handle=1784,i,14162305567205261708,13122399554520861193,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:7292
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2816 --field-trial-handle=1784,i,14162305567205261708,13122399554520861193,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:7312
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2824 --field-trial-handle=1784,i,14162305567205261708,13122399554520861193,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:7324
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2108 --field-trial-handle=1784,i,14162305567205261708,13122399554520861193,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:8212

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:7876
- C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:8164
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9142 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x4f8,0x4fc,0x500,0x4f0,0x504,0x7ff61c9e3108,0x7ff61c9e3114,0x7ff61c9e3120
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5060
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1972 --field-trial-handle=2020,i,10584999551212885474,7978513030807008890,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:8792
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2144 --field-trial-handle=2020,i,10584999551212885474,7978513030807008890,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:8780

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:7884
- C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:8172
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9142 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x4f8,0x4fc,0x500,0x4f0,0x504,0x7ff61c9e3108,0x7ff61c9e3114,0x7ff61c9e3120
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5180
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1800 --field-trial-handle=1804,i,11939335195221481201,14183330974439194669,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:460
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=784 --field-trial-handle=1804,i,11939335195221481201,14183330974439194669,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2356

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SubmitTrace.css
1⤵
- Opens file in notepad (likely ransom note)
PID:7896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\93e7f05821b87c7e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Discord\SquirrelSetup.log

Filesize
2KB

MD5
1352d035058369d28609b30577b10ec4

SHA1
cc81e8d8792912ee5d893aa3aa61c706a4473134

SHA256
47e777ff168326af2d3df30a1ef79b1fb13a8604d24a55e34310ed36f5aac9d6

SHA512
79d8e739909e4aceae4bad6047ca2e9f9dd00a4e2140bfc229a521b87d5a66254a3fc9b98212c5fa10d8fe3db09ccb04e2863a14dba5c7e4218784816dbab5f0

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\Discord.exe

Filesize
169.4MB

MD5
a5853ef869209a9930114cc0b4aee6ea

SHA1
e21596093df8d9abd052ccea90fd923c9a7b9121

SHA256
bb0bced014dc07ca0a9f7d167767ae75c70bb5a8e42126cae568530e4dceb8bb

SHA512
2251507d8d2943667b9c335abc5c164d092da0fc7f4a1929023aa2af9332a039f3e7abd0ac0091b454be5bf6d82911d13facf10473975cc28af726569649b2a9

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\ffmpeg.dll

Filesize
4.0MB

MD5
8206392afea01dedf63fd8be20ad628a

SHA1
81d2f3ccc57942ef4d3e6f6493de2e6b1bf5426c

SHA256
b05865c3509c684377d8eb60398bcf722783799402948899fa9a15b5815cb0b5

SHA512
930f5baf26e9eb98f3e90f98dc506bb06ad6d1620d42e1df3974191b00e2fc869e661cb669efc6fc7d5489055b687c871c3a4c6868901589067072ee8d73e8ea

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\libEGL.dll

Filesize
487KB

MD5
5e6eea1d3198444e1b2faf8cf01f8fad

SHA1
d0ad29a1e52b6838bd94c9c48c182c6dafecd086

SHA256
438b56bdc88c1bfdd9834895c329086defa8b8368ebe24006e7e4dc1259a2411

SHA512
3462e071a4fe723429faa8df8ebb160bbdd39cb9c4d63ab10e1277c027850b6274463b3b5ce585b7be94408c7fe0a2ad8c090724dae7fbd8394ccdcd448cac8e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\libGLESv2.dll

Filesize
7.5MB

MD5
bd8873691bedd4f740678ae765e75d8e

SHA1
a061d03fe0bf94407b0b1c34130f4c6b5b1ae271

SHA256
15134cb19da70147aba9993cb33bbaff203744c61adda51330eef9f0a4288334

SHA512
864ece4a8d9f0aa7ebda945f7789c50454b6ad552bcbff2e1f0ef824bbe62c22a710b335e932f4b7db1942d9d662238f1bc9e7790d21d2e91c7bc7f24d545fc2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\resources.pak

Filesize
5.1MB

MD5
e9056386a2b4edac9f0ffa829bc0cfa0

SHA1
f8d4b8289ebb088c9997a1fde1c2f12aedd6c82e

SHA256
546456d9a1328836a99876824f3beb7279f38403cd001515f5d9eb204939e57c

SHA512
c49e832e5c16a1846ea882395e83f9cbe9f4f6b44be9f0c7276d0a4495b88091bd95593c5e167dba853834058d7ca823db60d2fac73434ed952b7064b2daf6da

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\resources\app.asar

Filesize
6.3MB

MD5
18c82fef289b0aa9fff73ce8489c69f5

SHA1
76999d747423ef5cd9cc0a1fa039a7fad6c89763

SHA256
c5e9c322296f97c42132aa29cf9e94e372e9de3b83e2fd1266340ab476b2d821

SHA512
529bb2a0c8c399b4815740928a1b74bbce23d04f9cffeb2be2d12b46f3d3aad00d4498ba95fad0e8d82e52850f6b5395041b65931c63123ab5c95c15d5a82a26

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\resources\build_info.json

Filesize
83B

MD5
a2c7c51e21ab4200a04d9d944428cd4d

SHA1
f059c3c4252336462dfbd43a6237e37b9f71f5f4

SHA256
80c832663053fe43b91d7a8f877ae03eebb50866f8d7d3f73c5f8176b9987993

SHA512
e916b187288b8e735ca4382b1c29a9226f96b3f599be62bfc0bc0a43b2d40284fefa1a38feba0b692d69ebdf900152e46042860b8c77ba30b43cdce4474f8c9a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\updater.node

Filesize
3.9MB

MD5
76e7f6c4e1dc8a5ef0f673dcc0c747aa

SHA1
bd49be853cb7395dcc8704d3fb548bf254f5eabe

SHA256
98ccd7860b42ded66b9726da18562311da10c84fd23ae89f4303a421030f1a78

SHA512
553d3c2688368f84b55f336abe84b2ea366733416b20ac3d3419267351fbdbfabd75901c6cc9342e1a77968253c280345df4835602ec08a3d3b4cca0184ea4c4

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\v8_context_snapshot.bin

Filesize
627KB

MD5
1e4da0bc6404552f9a80ccde89fdef2b

SHA1
838481b9e4f1d694c948c0082e9697a5ed443ee2

SHA256
2db4a98abe705ef9bc18e69d17f91bc3f4c0f5703f9f57b41acb877100718918

SHA512
054917652829af01977e278cd0201c715b3a1280d7e43035507e4fa61c1c00c4cd7ed521c762aebd2ea2388d33c3d4d4b16cee5072d41e960021b6f38745a417

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9142\vk_swiftshader.dll

Filesize
5.0MB

MD5
ff0e4ca8ba799b3116cbad5b231f5e9a

SHA1
707868043fdb9e2e9ce9d19968e1b193ab9a8dfd

SHA256
c1144fbc38b3be94ea7fd6a5fad54616c9da942c4bb6a4d8087e7460d1212914

SHA512
57574474d98dd085e62bbb826c55f41b74bd3c6d8885f5fa0a66378caceb0a2b63a2e8bc87bd92e6a05f7a0aa29d2732609f515b91ad0f7acac744628816616d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.log

Filesize
1KB

MD5
4ada7084cc38c692f12f230177e66c30

SHA1
45da6d7b2b61c3f670945bc6b73aa35c975c44f3

SHA256
7b4e3cb73d709049bf3dfcdc19c408e1c647c0f55634635097d8cee75cd63103

SHA512
4cfd2e3bdee8956e4d7103f574b00304967ee38ffeb5c8a1449910593d7b21fe7b1a838e37bb6ba003874ad54f0b276566663b437ef32cf3db953bba2eff0cf6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
a73b18049fcb75c1a4e5be701d1ae2dd

SHA1
30a1574b97a722fbf4f9ccff9031dc0735f3f9fd

SHA256
ce4bd738e28e7f8dccff9b93889be5ebe5ceda68e8116b3561dcfef474a4ceb6

SHA512
7541e0d180fedfbd427a9a92858a9379d71d107d206d8541fffdc3db720f6d64708a4073aa46bae958998b2d2e47d0d6a8fe031287c794d9beec929447d33afa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\doomed\21997

Filesize
11KB

MD5
79d289c921e28d2ac16cc8be4640b2c5

SHA1
b865fd4c0c0733e87699cb7490e92f12b9c8fe38

SHA256
86b6da16e4ec12d22d580dfa833da81de38169be3083a67ebcb45a05afc46d60

SHA512
e877d6146d7548876d557d22f0be4d9952361fa3f1e8dfce1960177b0bf92e9f2ca9e1e805d03b28195d42fbccf62cfa3997594f919e41ea8b83607660ee4262

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
a669d808943d767112f29d7cdba22721

SHA1
a3f23794581135567250d91006e7653f24d67373

SHA256
f107e216b3609ed681fee488a808cb6f338eb9ca8502a03124b4433f87538f33

SHA512
08472a74dadb7cef8c751763b109ddadd502d5a9b7c9f411c851f78bc2f02218adf1fa02ca7738971490e58073d1bfa5e3d36267069f5ec03edf705502fd1e94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
88237b65b7edac5eb157dc42952e714f

SHA1
3b2c5f00508316022a35508ff291346510cd99d5

SHA256
a5ae8e1c565361b88259344b23cf70111a176faef6e79f74d71ba1c1a3954968

SHA512
8464eaeeaad9e2e3485950222db1f2d841059e6187cf1e75ec8fc88a1c411eb7b61a463af6350651e8c1704bd5b435398923bc41b0b43d117b3fc2dcdc305f0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h668dfji.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9142-full.nupkg

Filesize
107.0MB

MD5
c6ae6bfe141b2c4eec9182b0374b8125

SHA1
d917cdb2337e7b16b76538d511efedfffcbdcbf1

SHA256
dab9ada30aafdd1df3c8fd37a4fe6bdf76956191bd81b9850f7d6b9f7ac6cd60

SHA512
1b311358b3e473601bdb02f5e31ca167f3ad4fc95930f5161819c274e15d090a839e7fb88339cfd6067a1722882a1f35f295c5f6eb6a151b6690323dd891b419

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
4e15172de8efff26e3221c1ae8d94d99

SHA1
973327ff8c46cda9b7b727d8d01cca42a6696d93

SHA256
8660a34dfce93f55fc656c2958679b73cc40c3433749d526beb66e37140fcc74

SHA512
d40569850b82467609d80eb5df49d691f7b1bc6fd0b352e9ecb99667a4564c8fd6c130c0da70ef9e12292a0dabedb9c94a52645bac59b80c20beb40921fcf133

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
355f75e42e82d383e932f1befb6aee58

SHA1
92a6e1065dfee8046e22a0e9d5b34e28da2ad804

SHA256
0185b18f9f5c01df783c4eaf5291816039ea2d5b4723133c35dca352968626df

SHA512
8157ca21346aef07e64269fe7fd4fa2621b676f747f32d16535230e439560103a1e518941cb0505f0e4247af3c3a51bb9783bc3528216582d6c5b11a3b0ad17c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
aa3ff2421115d59e4a4ef737e890a20b

SHA1
a3f5362276080675e02f51b8bad50a8d024560e6

SHA256
9b7da1303ae5e102551a9bb2477d6086c7b88b239ee5a900a8d42fa2fe8b934c

SHA512
41a71b31c7691e274a7379015f1ed1bf99f5ad6a3fda7ddb6d416dc6055bfbac8e085babc81739cd0a532388b23644896afcc8482ef0571d559181a05ef5e9d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\bookmarkbackups\bookmarks-2024-04-23_11_pCxNWcyzIpkkBIAJYqUZcw==.jsonlz4

Filesize
1006B

MD5
a7ddf8310d32939a02435803eea00ac7

SHA1
65c88eb39323872cb7e3691fe503a39abcba1c29

SHA256
62bf4c6caf18d86d5c8252d20a5e2f75a098ec2cbbee0c6d3fec289452c302de

SHA512
81ecd3d7577e28f919628702ca17f076cc94e8a6952ac29c4f8e9656c3e5d6af89b6f626d6d0d1b374e606ca891b5c306f4118dc91de70de96bd435f592fe4cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\broadcast-listeners.json

Filesize
216B

MD5
1eb526af7501a78b0b84afea8ca6b987

SHA1
3eb931d9ac0eed1b1bc5635773e0fc80315ae209

SHA256
738ae6976481eb76a87e2293e64351fd2ff3efcd6e939c02a61bfcf80b535dde

SHA512
683195e107789f8143951785631d034d51dbc86e4f82f38f5b60d50d941f21ad2191f09327716dc1cae88c708f22b3f66a7b4dbc16ec48320df81ab514999fcb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\extensions.json.tmp

Filesize
37KB

MD5
1dd3a24336b878c3c3a46078faeff41a

SHA1
c9fcadc10f086aef7bc1c3dce0bec75464698362

SHA256
cdb21bb926ecb64ac74d4bcc6e27777952190f5975fa5d4c6727403f4660e3c8

SHA512
4032dc2cf5a677301ab583805796e473d94d35cf14217290b6a9c24e7cbe86a24130bce1c6cf5e73b03bbc81229da67086a597a0d8902ffe526cc4142d5ece17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\prefs-1.js

Filesize
7KB

MD5
7b9224035f3fe18f29dbe1cf6cef2a64

SHA1
361d0ee3072278e40c1df00dbf532cf7da83d627

SHA256
000d839b3b4762286ef62b06eb2c1ba8a9383dc2775e0bf0c013418a39c45fdd

SHA512
88a4f0921c97a4f3250d11b7a894956da6f93215be3d51da9bba604ca547e015d671225dc896187b84d2df57c208c67b127cc1c981d018be40eb5b94af45e7b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\prefs-1.js

Filesize
11KB

MD5
9d989ebf9412d764ae7934d347760322

SHA1
4b2ab33b4adcabb2c19cca88e9d2c71b6c589c80

SHA256
43c3210d834613fc34f6feac20fa8f39c3443d99d9357007ec828c02830ef26e

SHA512
b2d5e0a4012d4ca450baa9afa6d4ec05fd990abf3459d97875e8934fbd0e7231baa37a9d15cc419a72c425c7184780c38fa26bf09f9622d56d2d2c01502ce74b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\prefs-1.js

Filesize
7KB

MD5
808e3dec470f5b9ca1e30766dee58631

SHA1
9d08ec1f8ee8273d6d00baddb877ca1219a4f912

SHA256
3ecc6c92dab2136550230f2943ff6a6f6882b20342ee99ebb79816dfa809c1ad

SHA512
a1e95285d3513ad704e69fc8bac18971f4b8cb1eff4049cc05aa478b4f848fdf3cb547cb9d6a471ab828ab122235f5e015cf0935dcbcf3b3e366dadfe6aeabef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\prefs-1.js

Filesize
11KB

MD5
b67e170684820c96e02c861408429820

SHA1
d070f95d05dcfb4fd49057fb49cb3062fc53566f

SHA256
0500dff265d7d5c0ebfcdb47959528db436c76d9e618a3e1dfde416b4fae0e46

SHA512
622bb0c0bb591a2410793828d9724dccac5d55fc62da189adf7f3890db7eac16ffd89973cc394bc1094d96c0e00ce148bc1575cd47efce00d5cddde43af1af1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\prefs-1.js

Filesize
7KB

MD5
564febce65e755d55786895dd6a72406

SHA1
bce2fc1910c58c87a2bde8603786432e6531f867

SHA256
7491825e084803d767fe5b87a8be40a88d7253e4b744951038b4e26f82aaf5e5

SHA512
931046402f771f19be770e344edfd850729d19cf6627229e9a4863a1980acbd26b2fada5bed8362dfb671de8536d7f70edc08b1db11a49f9583b5b42d11d10d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
984B

MD5
c293037fd84c1e261908477e4c4320c6

SHA1
e81e77e0578141e35d87151a26dfe186d6c28947

SHA256
3693ccbd7bf63737cd6e0cd41514577001d6b2592e42a8129fae205bcf341106

SHA512
4c3ed7527d44e8715eb52d660a9577b23e5c4ac201cf2b27059357dcdeaac4be51f7f5d7ccd5d1108a4c92aa20641d57e938f90452774c73f806bed955de2776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
987B

MD5
4abe5c15361554a330c6344fbd7049f4

SHA1
5beb12f3ab3ce02415ec5c745eaa271f795a5ea4

SHA256
b232930eaa1b915ec637726b88952fb55dd55cd89424506d3e6e6c59758b83bf

SHA512
9ae309e5d9c2ec8d5740127c2af0af10f93e957288bc5d5742e23f5c61133b69f76da4983472d49246f8d5f30d49f946d8ddb970bdb032d80aa1948cba999cfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
736KB

MD5
f09a005b3d0b708217c3041b6ca25e06

SHA1
5171d33b3308565325e46aa7db1942c88bc45687

SHA256
37b75708358805c1038bd9a4692cdbde74248b9ee57d1c7f7b28cd3dd48d730c

SHA512
a04e182aa9fdad6bed8971ea53fdabb0344cd848131a6ba78ae5058685f46e2ed8648dbbb055df7ed4573b045e20ec9e3c7b96ddfca4ba5c91deab3d772d3899

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\targeting.snapshot.json

Filesize
4KB

MD5
918707fbd34e2935fe15e0db1e5bb234

SHA1
3ad0b71df5dacf622bc457728d58c78c4cd7c624

SHA256
029ac18fff631e499ec61887b56742194dbaa9b5cebe17035d4fba4c97d4e673

SHA512
75d23610c95cb1e5ecda35e2077fdd34c7781f51a1ba0b9fe48f0b0d9a672c27c86b84c45ee70f87252785d2f7c1df7d4819cb813b972affe04f669ee7204ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h668dfji.default-release\xulstore.json

Filesize
141B

MD5
b847f28acdec63348ea376efd4278d02

SHA1
da4ae0ce914885ad7fe1f89aef3aa4f324747091

SHA256
7e63f727108182d4afdf0ae5131c9e0692d857b934fe8d93a7d4a8cea58fb834

SHA512
07b89826d35c5b9f056c8556ed5dd0a961f779d1aa7639321b90c56ef65bf6706a653a22f7790543b1482414069d5587c1f1c28215e92a7ffdf0fa4a55537c08

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat

Filesize
40B

MD5
ef516e81c8fd7435044659965649e572

SHA1
9534b5c8401e659d1440405de87397cc3b2147fc

SHA256
50718c03db20a64efc1f9419bc1e05d18c8ccea8d292331ce04068b2039dbf7f

SHA512
1f30bcb50a4fc6cd299cb805a83a5d20008ffe4f37da66cd1be82597ee15cbce3dc0f73a586ad4e636039c6b8fe07b2f54ce7e295f53fe6211e4a48646f7f19f

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnCache\data_1

Filesize
264KB

MD5
f2129f36b0555752a53cadd30a1a5660

SHA1
ef8d819626e47bd252d79c2b32ef2629c5d95736

SHA256
ebb00ef32ef256921c1be19fbbe45ee1f4e9d64bb6deeb3a05de8c4377c9c678

SHA512
b5d69d7e75560b24357089288b36660ea000e3153c923a7b1bc89aa33a3d810dd98fd09701290690717aa182dcbdaa582dfd9f95a5757f4e6a1aa96ea68068f2

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
979B

MD5
672e3377df349a7f1594db4af39e4112

SHA1
efe91b7a7a7c6470b04e512e12dc28ffd7656868

SHA256
70280c798beff56576a93c92684d1bb28e2436fdde74f274f347b7f6f0b30497

SHA512
3a7f4db175b7f946f3cdf6044fe0d2056c6b86dc037db4d8705336d99145bbefd21b47030f79da049c57641e5f5d62d2d4556f4f886d280a13176b7bd57d4469

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
979B

MD5
0a844168bc899c6ae4bdd06541e53ce0

SHA1
b8c8b95bec5d59c1cfaf012b2e5a895be0acd47a

SHA256
a699aa7f30d4b0200d39126fbdb5302aa81ba94528433d3d14885e7ce46ce121

SHA512
27e2293218f2395eca937d6a725c788a2fc29edcb287846fbaf3ecbc5d71219263d38303cea7b4aebd8b699b010cf064aa3a9e7c8cc76c96207a1182647a0881

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
434B

MD5
881ae7303c890739311d86ee26fe1716

SHA1
aa5bf83a9835076cba55b9771fdbb86f5073e68a

SHA256
ec43cade5f83f2d3f24709f7952dfbf2c7df5cf1e346dc86a254aadbf76077ad

SHA512
760e6d1948d61be2dad4c2ab51153dd10b712c1e986542d05efdaddf56a236f14ca4106405a321efa19369c3a99781587a58cacc952b554922531544c97f2f69

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
794B

MD5
c9b65cf732c253bec606664c41b9f38a

SHA1
70cc8a1d672976e9683c74fe50826f7d6a45af79

SHA256
bb895156f029b5ae148e6b176bb5a53381c5a0de27addb5a54bd786c6d95bfe1

SHA512
6f27fae81edad952bcb053e36ca000b808f7be20f8f921dd24f1dd3e67f99c7c954e2270c5a43cebadb583397cc549648067149b5ca5f8b0b1b9ea51c9fe398e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
979B

MD5
aeea68564043aa6b7d39c868b02930a0

SHA1
4b92dd0c91e3544cd58a031a366f55ce6680046b

SHA256
595fe1f842ca35e7f38f773fd67ce96c222821c042c7e685a5c814753e73fe97

SHA512
754f3879fc07d465e9b206608e2f36ce93f9354f40f8799366adce57dffea23a035fb69991e77f3b44c822d9fd28707d777abca1a042c3c149c8a7498fa2a546

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\LOG

Filesize
247B

MD5
887427ce0cbf5390749bad62eba24ad6

SHA1
8a206dca6d09b768840a89cafd09b9bc18c9bc09

SHA256
7f7df4ba65e792b37bd2f0b2198b66313a9b8646e01637ac5349319e7a3d5e97

SHA512
1f548bfce63e23252be00426c152756753dba6cadade8c893227c1503e196a6285a361d5a997de495ae4ed16fd915b6783439aaa8e9801268ef07f3bce929b31

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\_metadata\verified_contents.json

Filesize
1KB

MD5
3e839ba4da1ffce29a543c5756a19bdf

SHA1
d8d84ac06c3ba27ccef221c6f188042b741d2b91

SHA256
43daa4139d3ed90f4b4635bd4d32346eb8e8528d0d5332052fcda8f7860db729

SHA512
19b085a9cfec4d6f1b87cc6bbeeb6578f9cba014704d05c9114cfb0a33b2e7729ac67499048cb33823c884517cbbdc24aa0748a9bb65e9c67714e6116365f1ab

Download Submit
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\manifest.fingerprint

Filesize
66B

MD5
d30a5bbc00f7334eede0795d147b2e80

SHA1
78f3a6995856854cad0c524884f74e182f9c3c57

SHA256
a08c1bc41de319392676c7389048d8b1c7424c4b74d2f6466bcf5732b8d86642

SHA512
dacf60e959c10a3499d55dc594454858343bf6a309f22d73bdee86b676d8d0ced10e86ac95ecd78e745e8805237121a25830301680bd12bfc7122a82a885ff4b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
592B

MD5
675550e307508b9e461c287109f38e81

SHA1
75d4696250a0e4945246ad0d0c1c831ff36cbf50

SHA256
812b56c59a3815235bf4039b8265e34e5b8e5493e942c77f84752ea53fc77f1b

SHA512
d097e867172f36f6043a6cecf8fbe8853daa8f32b4ea7649202e29a553c55a584f5627f0116a6cc8459c8eda5b5037bbbc77469d1e9d391c1625951d83d5de3e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
623B

MD5
93a8b925b492fb66a071ca05b1e3b10c

SHA1
c48a3220b87af9557ea9af5d3c3cf649e83ce079

SHA256
5f2295fda73c447763cc74da996b81879d0dab226aee36ea890111aa19bbdd95

SHA512
a23dd1fa75b6bbf713bc16d85209d5ef2404554e092b1d09d12b64047f70dbafe36b610081b0060cb27e981bf8157746eb547c64ec052c11a0b5cf65d6e5e68d

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
623B

MD5
9522b44b4240e417e13b6e1fd3f26dbc

SHA1
e92160fc2330f70febe80a4bdaa69e09058a6dd8

SHA256
da348560f9f764dcac7807ddb45b74b7741f4167915c5383796e4ce069ef41bf

SHA512
ab5f9bcfae0d49f1eefc8a01254c44734fe410c34ae36b6d8c4dcc78f7bb3c0589dcbf7119eee4ba9bbace06ac3890ae6979c2c47b6af7fa242f85f431652a23

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
623B

MD5
e197a0cd9a17534d55068a86de26253b

SHA1
5492b03a325eafd0cb17ea323f933d5080edcf3c

SHA256
e595e59683d55a4653de88dd40e3dcc08d5bb5f50531d7fb5ce5365de22b3af9

SHA512
e78961fbb1d9b66cb421d20099ec2d75a6b18d52d6b68565ddfd63448e5e564de3647f275f990e57f0d98586dd621e12e7f1dffaf4fdbd81c043ea65656d3d43

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
623B

MD5
43e655238f62f19b7e8e0f6154366bc1

SHA1
656ded23eec0d080943d6acd7ad8b85c12406b14

SHA256
4432da638063ee348a1e7ff35d1e13080f746e67abe57038b8dcb23abbc7fc25

SHA512
6d36939d869e8296563d51093b59385c1650f4be3cdb7e6c6145474e4505432fb9049698e8bc3e70f75619ed17e2cdd3c718562ca8a91dc89b266b1ba9e1f5a7

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
623B

MD5
d66f1ab8273e25b5549e70521a34a090

SHA1
820d800df341953a386b11c51cbbcf6a7b66cbe8

SHA256
4087ab5189ecf482926516b9f33310e16ec9b7a288fe0689323e54ad3ae4da8c

SHA512
94a9e6886f973730e3e93ae7a5350121a1caf94e6c6e33af7eb4ceb91a9a90285cf3279a19f052a91bf52423cf9400fa3c06f4e50bd2cc97b0da8b3dd02d83cd

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
623B

MD5
fa29fd5f5d8e8f58c4b763e5b57c4a56

SHA1
d138502df6ae9b21b7bf37540234e5cf57716410

SHA256
65bbd3eed4bbf52093b5f385f86de8464bb09502fcc91be30e68d5cedfe02422

SHA512
8f619f4645449e1ab7cd9745872eb17d56e74fed01d93059434456c01426a604873e4a8017eb2a9e6d9702fed1a9f95423e0101e2bf94941a6a00714bd35c181

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
e49110e224c7fbc630c1dac72825443a

SHA1
a30a1a4a4a8a407d303f83e6e8a543638b607819

SHA256
33e95384ba633ebbcb20904fa3b320f7fa93e9ed349182024de7dcf1965501e4

SHA512
c242eacb2ab4b838c9e16f185056a916cd3c39bd988b4d82c84dd4e7d229d35a7a16280a780e0bbdb823c781101531136fa27ded3ae0e2318a577f00b37ef07e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
38eae938505fffb2915936ca1f307680

SHA1
e0e8510dc3d855015ec102c7d931788e06c2edc6

SHA256
ac31656f550ce33bda8a5a590df3426015cf63a7e916ca730f648c93474e120d

SHA512
12852668f673ffb106b622ffa1ea781657f7ffeec682f18727c703d88519563376a5d5cf6cc271e6ca06374cf420f8cedae5ea4ad095d367b8a8e5ac93730341

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
c2816c1168990707887c85fe66665cf7

SHA1
77260537c0263e31d86412c36c64729cfb9bdc36

SHA256
fd8fc936f6c1768a50af33af4a4290fbf2dd77e4845988dd6aff0e414d5b0bd1

SHA512
0e257f96a442a81a30cca4dacbf05bc94059f1548523070009f409fb2c6159198c11ead29cd088c79ddbedd6a6e4cb6c8a3825592b707a6f5abdbcd4cccf87c6

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
c368aac227c865f35ed1ce7e0478397e

SHA1
923bc0f2a7b4e08701436af827b30bf2a45d4c95

SHA256
0e4049233c15bb9e1d40dc4d77a013bf3fa879c7a68489a89d098173bc91efb1

SHA512
609f8186725c06b983c40d874b0012f47bfad40704f277536f4000d0efbe442ae91f79d7458150060231b24019c35dd7edd09a933dc4de0dcbcb9f534aa4b064

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
5b5c3c0c7d1259cdd93d8d6a98372cae

SHA1
1180344236be198215366fa3105099ecc53351da

SHA256
9349ee4850caa4af48b30949f718f7a74adfe23da16da705444ca5b5f00c0fa8

SHA512
b6152beb80577dbccf45dc99d684e177fd56e7cd393346f5f95149e1392f904c7dcd465cfdef1954301a67f6776bb448164ac6cdff0d5046f3ba28da3ee6848a

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
f25d6acebf88c0bd8fbd0e9d8cfa4357

SHA1
bd32867a2841b8cc9408daf91287294eb8d43bde

SHA256
17bc707ca09157e7db2718edb57696b08aa1daedf973b7c1c944b0f67a909bda

SHA512
1008127fadab1c3230131785c69625b5df37be50c8eba91bb9693b16ade496cf4aebd51b037994018038df614f8c1277ab16501f7b5edb628e793c0132096c5c

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
351B

MD5
b0f195cc98b6d3a1b00d82649323d061

SHA1
42e378d5f316600d30c64f6b636cdf95a0691a13

SHA256
98a8cde1e997cf1e00b628a653c75d098bb07e48ef50e1f296d3e656ec962138

SHA512
756ea48aab929af75e1efcb122decf7d75a31320b066413295501cb69cea4348435517fb2b2269e5e06e7ec18b83749249fdefe1af63e6d4474c65aadfba7d89

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
2d4d854c730c6f9d50cd182965082314

SHA1
821c4f2eb277c7b51d8496551b66b10536112d61

SHA256
85fa9e081166ec87397ca42d3fbb63212956668b82ee91d828d288ad98919d71

SHA512
671b0ee82e385db258c59c83d7f044ae550f5c79a8e5c01fd72d1b6913f6fa4d71710d6348fcf2e707e7cea302827c3602cfa2192576eafd72f01fc6eec1a899

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity~RFe59046b.TMP

Filesize
188B

MD5
468b332c415c039154bccef0924f17c1

SHA1
d78921c6fa31085e6e7c233d5328d538a33556ee

SHA256
aef4547f8ae146d5cf3f7d3bd3ac4b462ec0a3e0100626b1f9d8018cc24c46b7

SHA512
a4a650f290540aa54420863ee7b1f7994adf16ba07d74b972e0ed5a16a7183745905d2d288f8790e4bb6f99c306fb2b9ef17686f7795cf87ee107579a31ca38d

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Trust Tokens

Filesize
36KB

MD5
7cd8862624e6351a668a8eb081771936

SHA1
52954f29c41d097829692a34fd7dbe0d19817ad2

SHA256
392896d3b54a13cd2c53da93c3c798c2434a02addd5ab916f156d2fb196e689f

SHA512
fe2e5f59b46ae25f1d5f88a87ec4a0c12fa46ecaf3c4805b6b4abb195594b7ae70c919490f684bd711330c8643c9160688bfa9ddbd44ee1592fe63212e2ab0ad

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\c45adde2-5309-4dde-92e7-e275b4c5161a.tmp

Filesize
351B

MD5
e60eb078b154bbabb74a6c77197ac5a7

SHA1
5225cb1969bd2af62d25b114df4b67a436f7ade0

SHA256
c34f35230f2700063631fc94c83946e064888f1c4d3114e1fdce40adea7a746a

SHA512
ad33d3a7270cec58ddff8d941a26e87b53ee58960f75ba37d2de9be4e404823ad62ea7cf2902374a05780480872cff02790097f206c6b7405dcdfefa3cb29cdc

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Preferences

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
ac095bb6d391703660f8299e1a786c95

SHA1
8aad04971f1729834f24c869ff224f9cc0162e27

SHA256
2e56bbd32f0235265ecfadeaf22ea931df2aa85874e6393bf7317de7aa7b6fb1

SHA512
51fd52da07a5bc08cb98f84434ce527487416d24eaca8a1426193b5baaed2f899ac74d3ac0d18adc1615cd7a1d8ab8518eb61b32c8829650f3907cfe30e4ce7b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Shared Dictionary\db

Filesize
44KB

MD5
4d4863ce15ec9c7dfdc50c288a2d2d1a

SHA1
4494a5c4eab04af1efc9a2d7e1d996064d489512

SHA256
2ef9ab8ec9e6b879a77d1d9dbe7d18a2171f50ff37e803bbd0243af1b87dcb15

SHA512
d34f62eac5f9f0540ed0c6f3c6fcf6713c4546a5625eedc43ecb2cead6af30b387764703637fdaa4ae69d0b6cd31b2e47d6639c41b841d46327886c7a5741247

Download Submit
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\neifaoindggfcjicffkgpmnlppeffabd_1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

Filesize
1.1MB

MD5
f265d47475ffd3884329d92deefae504

SHA1
98c74386481f171b09cb9490281688392eefbfdd

SHA256
c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

SHA512
4fd27594c459fb1cd94a857be10f7d1d6216dbf202cd43e8a3fa395a268c72fc5f5c456c9cb314f2220d766af741db469c8bb106acbed419149a44a3b87619f1

Download Submit
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

Filesize
13.7MB

MD5
17c227679ab0ed29eae2192843b1802f

SHA1
cc78820a5be29fd58da8ef97f756b5331db3c13e

SHA256
d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

SHA512
7e33288afd65948a5752323441c42fcc437d7c12d1eaf7a9b6ae1995784d0771e15637f23cc6bc958e40ea870414543d67a27b4c20331fde93d5b6dc6a59cbaf

Download Submit
C:\Users\Admin\AppData\Roaming\discord\module_data\crashlogs\2024_04_23T21_14_13_418Z-0-events.log

Filesize
254B

MD5
09cc6dadac72329c4c5c760644cc3383

SHA1
8cda9743f6c796dbc4a27154be4f336641ca1522

SHA256
73ae1d2c47625e428f7cb4aa3e89a15cd90bc90ee088d1630d87ada5f25e12fd

SHA512
e164d656f49efb7f4da7dfda71beb61f43685adc2e620a7ce6c32c0d1587369ed4e53c32cd812766519a5c92b933bac9e1eeb6ac61d2e37955a83446a3abaaec

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\queue\15ca5ea3c25746d38c50e14d7e856795

Filesize
8KB

MD5
712588ae55cd9200ecbd2e776de08cb0

SHA1
e0a30ab71ca3a2432a95940f3011fb68fcd2d3fb

SHA256
dcb43f9d612a322ce8adbae21ee07ffa55625e24cbdc0180a85ac1d8b804c5ff

SHA512
5feac8d826c02b71ee1181de952d80a3c53dc9e8612050422b4d334398d9812e3f4cfb163d1a9af5ded747943595a3196a6f7f5c326bc42135a9c0ec4ef62700

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\queue\531abf293f4c4017a85023297ba5d81e

Filesize
8KB

MD5
8efeec8e04047473ebbbaea61a5c655a

SHA1
8cc19824b837da673a6910a1b393605d58e16ef5

SHA256
5638e9b7d3efa2666c7b69e087142639143d6a33b43c39a49bb57be73e66e1e1

SHA512
4d6bc44f1f8a0e565ffd03c10be7e7f7ea9ed9369aafb0a38b9b9ec05a25182064ee8403f7ce074f8bcbf30445818221629e65e58ed45d9bc1f93ebf889e334c

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\queue\queue.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\scope_v3.json

Filesize
1KB

MD5
b88d6b3de4dcf5cd6ac92876ab732233

SHA1
9e3048754e21511e5b9e3f1c24229d3f819db82f

SHA256
9c63e8b5d19230e2c45422f014ee8a38833878db31e652caea968b5139f1c403

SHA512
e491a85065a0cc5b2f446f326b181d9a4b52b1c3cbf3f3480eda9352034516284c2cc742612df50cb4024326437be36b144c079fb3502126429ba11d2cc3751a

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.Z8nZafEs.exe.part

Filesize
9KB

MD5
5ff1c74048e1c69271f62c9af538c7e9

SHA1
e4a1cef06fd33ef0e2af9cfc94e92cd8d2457620

SHA256
ab88a79dd13d5d844aa8ca714e0309af6038e9a0da1d616eba2fa019af58f6ed

SHA512
1228bdb1659348412b1ae89b0ff95638b547939c89908fcb5ede50c8ec329e5999c4b19a275db8f5a0912d5cc7c26df55e612399c8dbade507184a2b1fe72038

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe

Filesize
107.8MB

MD5
25beefa29ba8c2053810ec13c28d0e94

SHA1
94fd75a4e59c47df12397b2c1474f385d1ffa680

SHA256
e19e717b5b7bf0130b04878dcef2d332aa1c6fad6407fff65613d76a1d5bd6eb

SHA512
b89795255e0ef5bdf28cc82aeba9feefbc29fe3cf23fe95d31cb36d30474069a81909b518244243d0c13ec897b6b8a085b2e6e03247273e11590abc3dade63ed

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_2128604221\Google.Widevine.CDM.dll

Filesize
2.7MB

MD5
477c17b6448695110b4d227664aa3c48

SHA1
949ff1136e0971a0176f6adea8adcc0dd6030f22

SHA256
cb190e7d1b002a3050705580dd51eba895a19eb09620bdd48d63085d5d88031e

SHA512
1e267b01a78be40e7a02612b331b1d9291da8e4330dea10bf786acbc69f25e0baece45fb3bafe1f4389f420ebaa62373e4f035a45e34eada6f72c7c61d2302ed

Download Submit
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_2128604221\manifest.json

Filesize
145B

MD5
bbc03e9c7c5944e62efc9c660b7bd2b6

SHA1
83f161e3f49b64553709994b048d9f597cde3dc6

SHA256
6cce5ad8d496bc5179fa84af8afc568eeba980d8a75058c6380b64fb42298c28

SHA512
fb80f091468a299b5209acc30edaf2001d081c22c3b30aad422cbe6fea7e5fe36a67a8e000d5dd03a30c60c30391c85fa31f3931e804c351ab0a71e9a978cc0f

Download Submit
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4908_740835495\manifest.json

Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
memory/1564-458-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/1564-459-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/1564-463-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/3812-2818-0x0000025770BD0000-0x0000025770BD1000-memory.dmp

Filesize
4KB

Download
memory/3812-2809-0x0000025770BD0000-0x0000025770BD1000-memory.dmp

Filesize
4KB

Download
memory/3812-2815-0x0000025770BD0000-0x0000025770BD1000-memory.dmp

Filesize
4KB

Download
memory/3812-2817-0x0000025770BD0000-0x0000025770BD1000-memory.dmp

Filesize
4KB

Download
memory/3812-2816-0x0000025770BD0000-0x0000025770BD1000-memory.dmp

Filesize
4KB

Download
memory/3812-2814-0x0000025770BD0000-0x0000025770BD1000-memory.dmp

Filesize
4KB

Download
memory/3812-2813-0x0000025770BD0000-0x0000025770BD1000-memory.dmp

Filesize
4KB

Download
memory/3812-2811-0x0000025770BD0000-0x0000025770BD1000-memory.dmp

Filesize
4KB

Download
memory/3812-2810-0x0000025770BD0000-0x0000025770BD1000-memory.dmp

Filesize
4KB

Download
memory/5532-143-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/5532-335-0x00000000121D0000-0x0000000012208000-memory.dmp

Filesize
224KB

Download
memory/5532-551-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/5532-647-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/5532-523-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/5532-142-0x00000000004E0000-0x0000000000656000-memory.dmp

Filesize
1.5MB

Download
memory/5532-144-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/5532-334-0x0000000012150000-0x0000000012158000-memory.dmp

Filesize
32KB

Download
memory/5532-337-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/5532-336-0x00000000121B0000-0x00000000121BE000-memory.dmp

Filesize
56KB

Download
memory/5884-642-0x00007FFE82520000-0x00007FFE82521000-memory.dmp

Filesize
4KB

Download
memory/5884-626-0x00007FFE83B30000-0x00007FFE83B31000-memory.dmp

Filesize
4KB

Download
memory/5976-616-0x000001C142350000-0x000001C142351000-memory.dmp

Filesize
4KB

Download
memory/5976-537-0x000001C142350000-0x000001C142351000-memory.dmp

Filesize
4KB

Download
memory/5976-648-0x000001C142350000-0x000001C142351000-memory.dmp

Filesize
4KB

Download
memory/5976-594-0x000001C142350000-0x000001C142351000-memory.dmp

Filesize
4KB

Download
memory/5976-627-0x000001C142350000-0x000001C142351000-memory.dmp

Filesize
4KB

Download
memory/5976-522-0x000001C142350000-0x000001C142351000-memory.dmp

Filesize
4KB

Download
memory/5976-585-0x000001C142350000-0x000001C142351000-memory.dmp

Filesize
4KB

Download
memory/5976-644-0x000001C142350000-0x000001C142351000-memory.dmp

Filesize
4KB

Download
memory/5976-561-0x000001C142350000-0x000001C142351000-memory.dmp

Filesize
4KB

Download
memory/5980-374-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/5980-403-0x0000000003210000-0x0000000003220000-memory.dmp

Filesize
64KB

Download
memory/5980-417-0x0000000005850000-0x0000000005870000-memory.dmp

Filesize
128KB

Download
memory/5980-431-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/6140-694-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-703-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-646-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-660-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-595-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-718-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-620-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-649-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-500-0x0000021FBFE10000-0x0000021FBFE11000-memory.dmp

Filesize
4KB

Download
memory/6140-664-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-735-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-731-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-730-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-586-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-702-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-634-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-723-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6140-704-0x0000021FBFEA0000-0x0000021FBFEA2000-memory.dmp

Filesize
8KB

Download
memory/6948-5045-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/6948-5042-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/6948-5043-0x00000000056D0000-0x00000000056E0000-memory.dmp

Filesize
64KB

Download
memory/7876-5101-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/7876-5121-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/7876-5103-0x0000000004FF0000-0x0000000005000000-memory.dmp

Filesize
64KB

Download
memory/7884-5120-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download
memory/7884-5106-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/7884-5108-0x0000000073AE0000-0x0000000074291000-memory.dmp

Filesize
7.7MB

Download