990803c15c5f42bdf81e7e8a0344d8ad08d6628ef06841b10fa0dd2697e1194b

Analysis

max time kernel
122s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

990803c15c5f42bdf81e7e8a0344d8ad08d6628ef06841b10fa0dd2697e1194b.exe
Size

46.3MB
MD5

f6a8dca61c984137f9df99826747caca
SHA1

dba1c4a8ad77fb6afd47f4b98a6e10b5e2bcc785
SHA256

990803c15c5f42bdf81e7e8a0344d8ad08d6628ef06841b10fa0dd2697e1194b
SHA512

b230e1c6d91c3749fa15a30595b7172303e5b2bc01febab52018e08872da28952b67788f8e911cc9141bb70d8fc2485d36fb81c24b04621a3ce5860caac0edc0
SSDEEP

786432:SMEnRtpu84z8+IElBn5ydGZpM+NaW041cAySCq8j21XntkNGQjkqWJWqfetxTwBp:3+LWbIED5yIZfNaWsW1oGskfoqGtxTvY

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	Update.exe

Executes dropped EXE 18 IoCs

pid	Process
3624	Update.exe
4016	Squirrel.exe
4864	Discord.exe
2596	Discord.exe
1360	Update.exe
1648	Discord.exe
1604	Discord.exe
672	Discord.exe
4712	Update.exe
2728	Update.exe
4240	Update.exe
1820	Update.exe
244	Update.exe
5048	Update.exe
2800	Update.exe
3040	Update.exe
2548	Update.exe
2292	Update.exe

Loads dropped DLL 27 IoCs

pid	Process
4864	Discord.exe
4864	Discord.exe
4864	Discord.exe
4864	Discord.exe
4864	Discord.exe
4864	Discord.exe
2596	Discord.exe
2596	Discord.exe
2596	Discord.exe
2596	Discord.exe
2596	Discord.exe
1648	Discord.exe
1648	Discord.exe
1648	Discord.exe
1648	Discord.exe
1648	Discord.exe
1648	Discord.exe
1604	Discord.exe
1604	Discord.exe
1604	Discord.exe
1604	Discord.exe
1604	Discord.exe
672	Discord.exe
672	Discord.exe
672	Discord.exe
672	Discord.exe
672	Discord.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "C:\\Users\\Admin\\AppData\\Local\\Discord\\app-0.0.291\\Discord.exe"	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 11 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord\DefaultIcon	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-0.0.291\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord\shell\open	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-0.0.291\\Discord.exe\" --url \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Discord\shell\open\command	reg.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
3888	reg.exe
2760	reg.exe
2016	reg.exe
4528	reg.exe
3972	reg.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4864	Discord.exe
4864	Discord.exe
1648	Discord.exe
1648	Discord.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	3624	Update.exe
Token: 33	4424	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4424	AUDIODG.EXE
Token: SeDebugPrivilege	4712	Update.exe
Token: SeDebugPrivilege	2728	Update.exe
Token: SeDebugPrivilege	4240	Update.exe
Token: SeDebugPrivilege	1820	Update.exe
Token: SeDebugPrivilege	244	Update.exe
Token: SeDebugPrivilege	5048	Update.exe
Token: SeDebugPrivilege	2800	Update.exe
Token: SeDebugPrivilege	3040	Update.exe
Token: SeDebugPrivilege	2548	Update.exe
Token: SeDebugPrivilege	2292	Update.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3624	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 3624	1100	990803c15c5f42bdf81e7e8a0344d8ad08d6628ef06841b10fa0dd2697e1194b.exe	85
PID 1100 wrote to memory of 3624	1100	990803c15c5f42bdf81e7e8a0344d8ad08d6628ef06841b10fa0dd2697e1194b.exe	85
PID 1100 wrote to memory of 3624	1100	990803c15c5f42bdf81e7e8a0344d8ad08d6628ef06841b10fa0dd2697e1194b.exe	85
PID 3624 wrote to memory of 4016	3624	Update.exe	88
PID 3624 wrote to memory of 4016	3624	Update.exe	88
PID 3624 wrote to memory of 4016	3624	Update.exe	88
PID 3624 wrote to memory of 4864	3624	Update.exe	89
PID 3624 wrote to memory of 4864	3624	Update.exe	89
PID 3624 wrote to memory of 4864	3624	Update.exe	89
PID 4864 wrote to memory of 2596	4864	Discord.exe	90
PID 4864 wrote to memory of 2596	4864	Discord.exe	90
PID 4864 wrote to memory of 2596	4864	Discord.exe	90
PID 4864 wrote to memory of 1360	4864	Discord.exe	91
PID 4864 wrote to memory of 1360	4864	Discord.exe	91
PID 4864 wrote to memory of 1360	4864	Discord.exe	91
PID 4864 wrote to memory of 2760	4864	Discord.exe	94
PID 4864 wrote to memory of 2760	4864	Discord.exe	94
PID 4864 wrote to memory of 2760	4864	Discord.exe	94
PID 4864 wrote to memory of 2016	4864	Discord.exe	96
PID 4864 wrote to memory of 2016	4864	Discord.exe	96
PID 4864 wrote to memory of 2016	4864	Discord.exe	96
PID 4864 wrote to memory of 4528	4864	Discord.exe	98
PID 4864 wrote to memory of 4528	4864	Discord.exe	98
PID 4864 wrote to memory of 4528	4864	Discord.exe	98
PID 4864 wrote to memory of 3972	4864	Discord.exe	100
PID 4864 wrote to memory of 3972	4864	Discord.exe	100
PID 4864 wrote to memory of 3972	4864	Discord.exe	100
PID 4864 wrote to memory of 3888	4864	Discord.exe	102
PID 4864 wrote to memory of 3888	4864	Discord.exe	102
PID 4864 wrote to memory of 3888	4864	Discord.exe	102
PID 3624 wrote to memory of 1648	3624	Update.exe	105
PID 3624 wrote to memory of 1648	3624	Update.exe	105
PID 3624 wrote to memory of 1648	3624	Update.exe	105
PID 1648 wrote to memory of 1604	1648	Discord.exe	106
PID 1648 wrote to memory of 1604	1648	Discord.exe	106
PID 1648 wrote to memory of 1604	1648	Discord.exe	106
PID 1648 wrote to memory of 672	1648	Discord.exe	107
PID 1648 wrote to memory of 672	1648	Discord.exe	107
PID 1648 wrote to memory of 672	1648	Discord.exe	107
PID 1648 wrote to memory of 4712	1648	Discord.exe	108
PID 1648 wrote to memory of 4712	1648	Discord.exe	108
PID 1648 wrote to memory of 4712	1648	Discord.exe	108
PID 1648 wrote to memory of 2728	1648	Discord.exe	109
PID 1648 wrote to memory of 2728	1648	Discord.exe	109
PID 1648 wrote to memory of 2728	1648	Discord.exe	109
PID 1648 wrote to memory of 4240	1648	Discord.exe	110
PID 1648 wrote to memory of 4240	1648	Discord.exe	110
PID 1648 wrote to memory of 4240	1648	Discord.exe	110
PID 1648 wrote to memory of 1820	1648	Discord.exe	111
PID 1648 wrote to memory of 1820	1648	Discord.exe	111
PID 1648 wrote to memory of 1820	1648	Discord.exe	111
PID 1648 wrote to memory of 244	1648	Discord.exe	115
PID 1648 wrote to memory of 244	1648	Discord.exe	115
PID 1648 wrote to memory of 244	1648	Discord.exe	115
PID 1648 wrote to memory of 5048	1648	Discord.exe	116
PID 1648 wrote to memory of 5048	1648	Discord.exe	116
PID 1648 wrote to memory of 5048	1648	Discord.exe	116
PID 1648 wrote to memory of 2800	1648	Discord.exe	117
PID 1648 wrote to memory of 2800	1648	Discord.exe	117
PID 1648 wrote to memory of 2800	1648	Discord.exe	117
PID 1648 wrote to memory of 3040	1648	Discord.exe	118
PID 1648 wrote to memory of 3040	1648	Discord.exe	118
PID 1648 wrote to memory of 3040	1648	Discord.exe	118
PID 1648 wrote to memory of 2548	1648	Discord.exe	119

C:\Users\Admin\AppData\Local\Temp\990803c15c5f42bdf81e7e8a0344d8ad08d6628ef06841b10fa0dd2697e1194b.exe
"C:\Users\Admin\AppData\Local\Temp\990803c15c5f42bdf81e7e8a0344d8ad08d6628ef06841b10fa0dd2697e1194b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3624
- - C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Squirrel.exe
    "C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:4016
- - C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe" --squirrel-install 0.0.291
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4864
  - - C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe --reporter-url=http://crash.discordapp.com:1127/post --application-name=Discord --v=1 --submit-backlog
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2596
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      PID:1360
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:2760
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:2016
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4528
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:3972
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe\" --url \"%1\"" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:3888
- - C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe" --squirrel-firstrun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1648
  - - C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe --reporter-url=http://crash.discordapp.com:1127/post --application-name=Discord --v=1 --submit-backlog
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1604
  - - C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Discord.exe" --type=renderer --no-sandbox --lang=en-US --app-user-model-id=com.squirrel.Discord.Discord --node-integration=true --hidden-page --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="1648.0.959095514\72642221" /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:672
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --check https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4712
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --update https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2728
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --check https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4240
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --update https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:1820
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --check https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:244
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --update https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:5048
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --check https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2800
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --update https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:3040
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --check https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2548
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --update https://discordapp.com/api/updates/stable
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x52c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\SquirrelSetup.log

Filesize
53KB

MD5
9234eed17c78479187b0b28449990e71

SHA1
46907b3555b5f21e6df283ff3dd0d35d9b94c947

SHA256
695ab8e7edd62a4c075d73ee01d5bf9123caedd40b94c316b8fce41b3882b6eb

SHA512
baf11626220b8161172ffcfc70338bba6dfc62ed9ac7aee6f4e0db72c7f2a786fe45957877945e8fde35e65dd8200cb237a1399c4c08f3bc5e2a4b9a3f8f498d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\MSVCP120.dll

Filesize
436KB

MD5
772232b5f8da4f3856c69bf83b3ae8d4

SHA1
46b3ec59eaec869a4f44952a1426628c243b544c

SHA256
0b52bea068520215e1a11c2751bb63f49025ea1a8a3080ee045f3565e3f3ef53

SHA512
105c49b8cf32859ceae4177327915be2c4789efa5363b446fd88fd8a24a1f27f1a8246f3edadd9c64410a51eb5a267eb71fe08f74d2098546297ef5e1097ede6

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\Squirrel.exe

Filesize
1.5MB

MD5
f2dfb0f61cc772923a37645898274c5c

SHA1
1051a5c2c6388b8d2835ebd9cb86a7736835446d

SHA256
9b6cd0dd9ea9413aeaea6261d45386a6817e144e002c3cdfd5ca5bbd47e8b919

SHA512
8c06c7ef00effdb71530124d416df787415feeb286e2d06dc064f5023d772add407972466ec87ec28cbabe7d439187ba66efaa3b911be4da8f5340fe7c638b47

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\app.ico

Filesize
361KB

MD5
7568b6c37938a6d4fa1cb12c360e24ea

SHA1
2a16b212e677ec9ee2ca568dfccdafdecf7c69b0

SHA256
e6f5ea9bd0a7943d967a30bc8585593b69a11117496d684ab26b9a909383ddfb

SHA512
6e52f586b7c1363344fc3f19f1f9343c886634751d1fa0470a7023f010ab81be9c102c140dd143888761e8b2d16e38a5aee8f9915d27b5fab85ca88cfc065e87

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\content_resources_200_percent.pak

Filesize
15B

MD5
7c321056f805aabd5a503821fa1994cd

SHA1
9c690875c9189c66c93ebd4c0971739653bccd19

SHA256
261e6aad3ad0a5f608b5694919ee39026c4c3eb4256540068f7c1aa46be9315a

SHA512
8a5f4b3726e4513251475ac470f86f0daa0d5ae42bb750019ce96ed871cb04a7391cea2cef79e67c585e3a982041575e60d0f79b3a5bb9ad09be53362787f090

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\content_shell.pak

Filesize
9.1MB

MD5
dc5414d9ff517169faba23a5d8f50888

SHA1
33cd50296fa708534bda3eae4d62de020a50fa43

SHA256
ec7b6dbb3c64e2684f378b16388ff50acf463410b1876092073d7e03b35250c0

SHA512
75d785e21fd00fc040e6fceece1b692d84f8ab89ce069999720ebe8e6167774299da59d811d91531e0233c7e8f5d6887cd749ce14ee4351cb4bc3befcf361024

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\ffmpeg.dll

Filesize
1.7MB

MD5
64fbc221a5b0f3e2d04a439cbf1b2839

SHA1
0c4ddae4fbb854169ecfcbd28b747293ea5fcd07

SHA256
1edd6fc2d4f87a24dee17104553e1c2ea2280a06066cc0026aa86fe8ecd3187a

SHA512
4205c6846eeb58541bc410825e788c0650bc54809067a4729183d4ef34fcb54478fcedf25b99a69f46b330ed62cdeb6d8ed8edf6adb8f7f8cdd82d48749aad57

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\icudtl.dat

Filesize
9.7MB

MD5
d03ad9a1189d190119209072d048e428

SHA1
aa954098e3ae4c00f67bace45b39a7b4a8242c6a

SHA256
2857fbe46d007307b1e204c6eb1b7e4988973b958ec8edb07445988f332c1ab5

SHA512
4f73a2c0ceef525e5947dc6eeb7608db40e535eeadb37d83842bdd638eb4d9114f3654d8094c0b72c66ae4bb0214b0947cd4fe2b56426f778c07f3cac5faea21

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\libdiscord.dll

Filesize
2.7MB

MD5
7f2c301a1edbe35cf2ff558818fa98d9

SHA1
1e6ded77ec4c345d5e09f2a22a08b9b255cfe058

SHA256
c3e585d5da30afab2ef431ec14e931af6ff1ac2b885977e9873a46efd14d2db7

SHA512
2f95a4c5619304c47a1d808797b96c1c2447563960be804a49f88db25e2ccd34608f6c51b8c75b47946d158a275ad1d935aa5e1fd09d7ff105d7da9aacf0bbac

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\locales\en-US.pak

Filesize
3KB

MD5
b283164059f28057ebb422f1479302fe

SHA1
a896cb901ff74825b236d56274df8c739b0373ee

SHA256
238e9d6dd238521be01c4187a97226dc20ebafe0560011aa7e4bdd72b84a41f9

SHA512
a3a4d8167383fcbd1bbe5ca4c2bb6a46a59cc3f1f70a0235ba589c4495b72bd2d01f3c9b7ef149be7bc5d4e8e8adffbd3edef0156c3a86459b96f4c32c57fd9f

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\msvcr120.dll

Filesize
940KB

MD5
765b004d0d78f2c3b84d468f6cc310f9

SHA1
a9c588e2f2929d12bb2c831296815793f3e15131

SHA256
86568f26f33a43fb950e67351e2c2e92d6e3fc5c5b30be4db29788d2102a12e3

SHA512
48ccd6eed08b639f703386ef5c23486ee78b99a52629dc11c693a51f82077ea74fb684d348597daaa8e1335d8fa938d76586ecc5b5e629712b18fdfc2438b74d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\natives_blob.bin

Filesize
402KB

MD5
8f4d6515f4d321313a39a659c3c5ff01

SHA1
f4c95f1abd24c715a3dd4b3e4c9cff5decda7250

SHA256
7d9c0c4d88618bdd16bb0681fdec1dd736e2ed1141ae527a27b22fb93f27848f

SHA512
3c00eb9a8ca8d076140df0071cfa702e1c032edbc20481bb7f7b7a88c1a82c959b8ac901182c2f9d235f55b4528c8e12b1e765119f1e784645c61f66c1c2b007

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\node.dll

Filesize
10.0MB

MD5
6e41cad26b142efdf1f0644874af48ac

SHA1
3a673448b8e58f7784439f733cc3f317e85fe545

SHA256
eb98a24d60748c8fd92ab9586da4a7b9ba329f941ed6996bf43f81b774991373

SHA512
b67787382ba7350a70b9143a8c5b2f5d3f40991e81c87edb02b8f2c936f6e723c9baad8bb58523a107ab6213edb1181335be49e5432590b6e61c75160163d9ca

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\resources\app.asar

Filesize
12.1MB

MD5
1c5a27290af19a33dd11a72e8127dbf9

SHA1
876b7a777c607207635444a225167550af9df35a

SHA256
cb0cb9beed745c85160470100f6c04ce1c849605d1ba6464ff3c8c94d83b12f1

SHA512
b4836c7b9795969c6689a862c237bcec4d9a2243aa68ef926cc436c3f86d6e1b12541ca63368ac4fcb9083a0f28eefd6a18869df6204df66f5c34b19a2a2b557

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\resources\electron.asar

Filesize
161KB

MD5
08bece427f9b4b5590f1278445a2887c

SHA1
a4032b07f69f384fad55effcd3997c86195a8c48

SHA256
eb624b6749c661edb835247152c143b9da5a8dd6b8b668915d7756a863b96ca4

SHA512
0b0e65012b5aa1f47c89f2d2ac639717e95460579bff8923adbaa0e6f2a9f0be82c6f9b13e2c9d0ba36afb819956cca6b887925890d9797f5248a3c6f6ff9db0

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\resources\node_modules\discord_toaster\discord_toaster.node

Filesize
239KB

MD5
4fb01836032735873004e1f7ea1a088a

SHA1
6622a1f87bdee811d70bbd703235dd7c06af66d4

SHA256
02e69fa98b745566040259afa50d2bab78681305275891ac5084357fb761a6f5

SHA512
91e0f30e9c03cd5e5302a76092a976f92a35489acd296a169598565a2c95283a50cfe527d78e70f713a9d15818b003cb29fc55f234f0fca73f83213c66bd8f58

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\resources\node_modules\discord_toaster\index.js

Filesize
636B

MD5
91f1b5cf0692cb31a0d9a6a17689188e

SHA1
9f04c821cf82a9191b5888045ab5c5e521e11c74

SHA256
fba0c30dd0441f990f19cc3e9b1f3463aef47b2f9b5c0a1e76d7a3a2fb6d7047

SHA512
5153753b93691a4fc1a5cf32e4d9ed78269c0bf4eff5a4b910e2beadd60116d7bee1ce2ad9a036e511d13433a9236537e107ab39315f8b4d19339ba8018156d1

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\snapshot_blob.bin

Filesize
474KB

MD5
eb663314b69a1b6360f1feec17032749

SHA1
a70d9ca90e061150cc909743a30076d17064a72b

SHA256
55a1ff1967fb75c2113221f180638861159db8dbfd04129d376311f953d43654

SHA512
d15231c460a30b185141213e7ee338e738edd3d0e93a25e3c1e046de01cb23769bd42b8df7e6f50daf55b2743cdd13c1a6528c5c152f7fe7565b5db934171fd6

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-0.0.291\ui_resources_200_percent.pak

Filesize
77KB

MD5
36d066788d56a024a41c61e61efe53f0

SHA1
e3272cfb326771b66c316dc9f1c5dbb24aa756c1

SHA256
cec4c4fb02a5d631fddf0d46667fc26d320cac19b75c5bccc4917344b3225422

SHA512
10fd56fda15372d57d99ea48ffdaaaf8feca4654dd71dddc186d3d4ee908ce25ec0771b1609c8534d755eaaf43a9506f76a881728427d828ca7704bf65b4b43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.log

Filesize
1KB

MD5
6eb96c16eb677b6a8c1df381a0497a1a

SHA1
d4596baadc2d4bee89d57e1718ab30c0b7d563ec

SHA256
e96331392d474ca0fbc51036c7d55aa3a37aae6b074d50ebd106a277b0cb4097

SHA512
3d472d56ceb73a3df3f65eff6af088b3a81ab553153cbda925091500a6543cf83e84872f2bc81f218deddecd8f3c9868d784c2fe08ece95f915138becaecfb0b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-0.0.291-full.nupkg

Filesize
45.3MB

MD5
a1a5a5e10e720817eaa0be013dcf8a56

SHA1
003141aa1d64ba93ce0734d405f07b0c65d5d6e8

SHA256
52fda1665b1cec0ee93a7eba354cce2fb58d31e5c4b4f92e2b2dfca9b1b0bbbc

SHA512
c03b989922b72ab548e100861336f1654f360f7de4908ba5989e05408a5cdff26ce637e08fdbbe6dec3f46062aab24397b2bf532473cacf5a4108bd25dffd2bd

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
a3870895c0cc2179f76d0e0b753cfcc5

SHA1
24f8b81c565e8d52c48e8f5ac88b92859dad63d6

SHA256
1b56a6f78c0b980725b9b18f0e1de71c722303de099c952f10906077301167d6

SHA512
eab1657b9c2142ac87f707d503010d267626a520b4e44b761d062c8ed5488e9c93b24e366d4007c5dd38dc297c6f31ec3bd24689674f2185317743ec9eb5b2a5

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
3d543a652f0c3d796eeafff6d8ee1b27

SHA1
ad05909e33da1d5117c227278c5b0417981c1492

SHA256
e7efaf018f997faa25c740b06a1cff268dcaf57ac9eee33fee8229fe0bf50c1c

SHA512
13d6a2c8d28b77bfa5d166a37660627e97419da55c2542f8eadfed6c9aa199c33f015e57a330da3d34552d217558ced26d8bffe49bf4e61b2418dc477ad909cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.squirrel-lock-85C390EB33B0482E084B6817215048ABA63CDC69

Filesize
4B

MD5
a7e0f8ac46398a7876d1e40dd52c2aab

SHA1
b66922b4e6f09e23c072e4aff49c67c3121dd5af

SHA256
05174bbf0d407087e45b12baae17117426852ff3a9e58d12a0ebb9a10b409743

SHA512
e6b93215582f7f4f5e9292273a9466b5d0cc3a4ea7d77ae42854203755441dd5edbefb11fe8890cae7783e41e2edbf61ec7b03d7e5e9870a7821d4016b095f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Discord Crashes\operation_log.txt

Filesize
2KB

MD5
f288a570dd1cfb54b3219ede21f0240a

SHA1
793fb7901ccd3177a6943e8c1e0c472be9524757

SHA256
2fce55c3c4fbe0eb88b37be81fd34a70be576772c1c4604c9b23b44040c3e5d1

SHA512
113c685c37b1f1bef129a5ae3b0e1cdb385dc46f581b73b34be8b9ecdf21519ff43cc8475d57f90043491d13bb8c7c006d9d11fae7eaa83e4ef7963b7505bda0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc\Discord.lnk

Filesize
2KB

MD5
2b79e2113b50adc160729c231fe02b51

SHA1
ec82410c6d18b5f6cb10cb19c48fc8e4ec94beba

SHA256
05d669cef86bec2a2b0de333e7b95c48a1f0f61db0b64ab86fb725d19686086f

SHA512
17a5f7d0b8c7bd518676c084236271d76a9b440b0d5e31f2ad2a32292ff8e24244b3269baa2248bf2ce321219d3522faa46e89d68df0ab5d1e9b4c766fccee46

Download Submit
C:\Users\Admin\AppData\Roaming\discord\tray-unread.png

Filesize
1KB

MD5
b4f3da4e8976d181ebbb6b197bb55150

SHA1
55a6bed3be7893f89e34f988fbb5741dbcc4f4c4

SHA256
ffa5fff7eb0b91338d4ada7156bc342e2a2e1cfc1265dfb2cf965522ca43e264

SHA512
9966d199dbb57e2321a904e098b73e2a7b58f3450f9a7dc00fdbb5ac05d80dbdbf7bec7d559cb13c5dff942cc94905e2922c828abbd236cc03249e52a58b1efe

Download Submit
C:\Users\Admin\AppData\Roaming\discord\tray.png

Filesize
1KB

MD5
8336c5c34613d39e1ed154172039d1d8

SHA1
8e9c242f4987b192dcd078b463347a202ac84136

SHA256
1c2bbd7c7dd2f91a11471e405cf2ea886157bfcda660d00a93739018fd413fd5

SHA512
7a6017f73c9eaf91508b82cb766ed2cd08dbe7928dcb13c95a4e87e6350f766d02e2c1b79469f8207c364b67ff5e92a95b0cfe1d1df79ffb95ec833b25279045

Download Submit
C:\Users\Admin\Desktop\Discord.lnk

Filesize
2KB

MD5
bf67b87d58faeb4ceedbcc7e524423bd

SHA1
303be7913cdeaebe5cf1cf84e03f0445c9ba0b25

SHA256
c9401c2d7fb43acf1db53dddb518fda8a36b3a399ddc7bd4b818b8e722e870ae

SHA512
26167dedba9dec572c3ea80c51835b280eeefe36a0673278d7251e573b077b074116c9ea6240291859e6472fd3004666fd9dfda3bf45f14f6437e061672293f7

Download Submit
memory/672-350-0x000000003E000000-0x000000003E001000-memory.dmp

Filesize
4KB

Download
memory/1360-294-0x00000000052C0000-0x00000000052E0000-memory.dmp

Filesize
128KB

Download
memory/1648-320-0x000000000E700000-0x000000000E701000-memory.dmp

Filesize
4KB

Download
memory/3624-267-0x00000000068A0000-0x00000000068D8000-memory.dmp

Filesize
224KB

Download
memory/3624-322-0x000000000AC90000-0x000000000AD22000-memory.dmp

Filesize
584KB

Download
memory/3624-328-0x00000000737B0000-0x0000000073F60000-memory.dmp

Filesize
7.7MB

Download
memory/3624-10-0x0000000000880000-0x00000000009FA000-memory.dmp

Filesize
1.5MB

Download
memory/3624-268-0x0000000006860000-0x000000000686E000-memory.dmp

Filesize
56KB

Download
memory/3624-11-0x00000000737B0000-0x0000000073F60000-memory.dmp

Filesize
7.7MB

Download
memory/3624-266-0x0000000005990000-0x0000000005998000-memory.dmp

Filesize
32KB

Download
memory/3624-9-0x00000000737BE000-0x00000000737BF000-memory.dmp

Filesize
4KB

Download
memory/4016-247-0x0000000000840000-0x00000000009BA000-memory.dmp

Filesize
1.5MB

Download
memory/4712-351-0x00000000060D0000-0x00000000065FC000-memory.dmp

Filesize
5.2MB

Download
memory/4864-269-0x000000002E800000-0x000000002E801000-memory.dmp

Filesize
4KB

Download