b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Analysis

max time kernel
299s
max time network
300s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
16-05-2024 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

open.gif
Size

43B
MD5

325472601571f31e1bf00674c368d335
SHA1

2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512

717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
3028	DiscordSetup.exe
2936	Update.exe
4728	Discord.exe
5084	Discord.exe
1528	Update.exe
3716	Discord.exe
3728	Discord.exe

Loads dropped DLL 8 IoCs

pid	Process
4728	Discord.exe
5084	Discord.exe
3716	Discord.exe
3728	Discord.exe
3716	Discord.exe
3716	Discord.exe
3716	Discord.exe
3716	Discord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
17	discord.com
27	discord.com
28	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2419320719"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31107056"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603494317153847"	chrome.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9147\\Discord.exe\",-1"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{3D1FC4AC-15F1-40F0-9932-322FF0620DF9}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord\shell\open	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9147\\Discord.exe\" --url -- \"%1\""	reg.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
2976	reg.exe
5044	reg.exe
1188	reg.exe
2568	reg.exe
3896	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
4728	Discord.exe
4728	Discord.exe
4728	Discord.exe
4728	Discord.exe
4728	Discord.exe
4728	Discord.exe
4728	Discord.exe
4728	Discord.exe
4728	Discord.exe
4728	Discord.exe
2176	chrome.exe
2176	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
2936	Update.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1920	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2800	1700	chrome.exe	87
PID 1700 wrote to memory of 2800	1700	chrome.exe	87
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 1728	1700	chrome.exe	88
PID 1700 wrote to memory of 3404	1700	chrome.exe	89
PID 1700 wrote to memory of 3404	1700	chrome.exe	89
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90
PID 1700 wrote to memory of 4936	1700	chrome.exe	90

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\open.gif
1⤵
- Modifies Internet Explorer settings
PID:5032

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4977ab58,0x7ffa4977ab68,0x7ffa4977ab78
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:2
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3736 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4388 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4952 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3420 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5104 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3068 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4680 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Users\Admin\Downloads\DiscordSetup.exe
  "C:\Users\Admin\Downloads\DiscordSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:3028
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    PID:2936
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --squirrel-install 1.0.9147
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:4728
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9147 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x534,0x538,0x53c,0x52c,0x540,0x7ff6e7693108,0x7ff6e7693114,0x7ff6e7693120
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Discord\Update.exe
        
        C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
        5⤵
        Executes dropped EXE
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2124 --field-trial-handle=2128,i,16874208534746612573,8203522596131598199,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2364 --field-trial-handle=2128,i,16874208534746612573,8203522596131598199,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3728
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
        5⤵
        Adds Run key to start application
        Modifies registry key
        
        PID:2976
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:5044
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:1188
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\",-1" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:2568
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\" --url -- \"%1\"" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1584 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4376 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5016 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5004 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5916 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5644 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6116 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5652 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4324 --field-trial-handle=1724,i,13116453517907864799,7801376783328077321,131072 /prefetch:1
  2⤵
  PID:1836

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D8
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\ffmpeg.dll

Filesize
4.0MB

MD5
34a86c7a13ab91972883df3e3e2eb9ab

SHA1
88cb2d58ebf507dc96f9c72051e90a5aeb6de03b

SHA256
88e4dc54a49083defc4ebbe97520f8fa701aa23eadb49620006367640d2ea24d

SHA512
68ec3062268936a6bd8bdb0e97488a082d10ad9f169c27b5422ac17b2b7e3f28dd44b9e49d8af18f29074f9830213478d95050d910a0c801a12bbe2fcb6c57d2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\libGLESv2.dll

Filesize
7.5MB

MD5
a18a279444b09e7097d49564d10ccaa2

SHA1
a3e566c85cadba9ae48ff128ddec097a413e6a87

SHA256
bf7d30ed4761b0cd19ec18934447ee254f23413c8d831f6d64521bd087fbbfce

SHA512
6a6c5234b051b5d4b321921430fd77e760d9ea59b3edf260f17edeeb98ba899dfa292dc4e4c9ea7d5e094201157395c8c3abae5b14c6007f891d49d933c7e86a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\libegl.dll

Filesize
487KB

MD5
c502f0b22b24eaab84561aa1c5e4da53

SHA1
29594a4d5de1cc3bb24c9364169ba5e3d3e71bbd

SHA256
45f9e83f6c5a282adff76689b6996dda9883d9d9a85992fc9909f723c470f0ca

SHA512
7a014d6943bc70b1b1852b23144408b7c6fbfef3b1bb104c954e4ee8de1a41db80b207b912ef7fde956e0b170db4075f82925419a48ef48ad35d3397b4092504

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources.pak

Filesize
5.1MB

MD5
e9056386a2b4edac9f0ffa829bc0cfa0

SHA1
f8d4b8289ebb088c9997a1fde1c2f12aedd6c82e

SHA256
546456d9a1328836a99876824f3beb7279f38403cd001515f5d9eb204939e57c

SHA512
c49e832e5c16a1846ea882395e83f9cbe9f4f6b44be9f0c7276d0a4495b88091bd95593c5e167dba853834058d7ca823db60d2fac73434ed952b7064b2daf6da

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\app.asar

Filesize
6.3MB

MD5
12722f1f6a97cef65dc24bb4c8049e9a

SHA1
20098990d4a272ff87bfba34a6a3fe6195e22fd8

SHA256
21eee017072356ac5430688af44a8499f2230f847c391fa96c5816bf38aed0ab

SHA512
b9209c66e716d30195d9bb423a6e9ac6e7118778aea9ef0da7a269b1762e1b5b1e0e406c0cdc5a50759081e9041acc9210a91dbcd7dfe67c82d973f3cba2edaa

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\build_info.json

Filesize
83B

MD5
29758c7a31b168e9cf70a533e5aa64f0

SHA1
68886573a1586259e409786181412c253ece150d

SHA256
136281506525bfcc8862d2d9ea9597af93281cd4da4b3595083e3c3613eebafc

SHA512
4a8b3b14d0fe9a2cc66470986e8971ae325f3ab06ebbce90ba488015a7e29a7fdb578078e5309eace8077b4221368c549cda3f6e4fcdfcf0962081001c01c6ab

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\v8_context_snapshot.bin

Filesize
627KB

MD5
1e4da0bc6404552f9a80ccde89fdef2b

SHA1
838481b9e4f1d694c948c0082e9697a5ed443ee2

SHA256
2db4a98abe705ef9bc18e69d17f91bc3f4c0f5703f9f57b41acb877100718918

SHA512
054917652829af01977e278cd0201c715b3a1280d7e43035507e4fa61c1c00c4cd7ed521c762aebd2ea2388d33c3d4d4b16cee5072d41e960021b6f38745a417

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\vk_swiftshader.dll

Filesize
5.0MB

MD5
418931d6324a4b9aee665db02ffa4608

SHA1
bb9e9b30d3a84bf68a0cc4f56e125b8709ca9d6c

SHA256
282726daea498983b4480a161cbdc885c76fc01fd53ab96c469a39e0e18722e5

SHA512
89cd3c3b7028c65826dd2aee6caa6752483095391861d42de554e31f946b1d49d5c40f3c94f034dcd902d2e2896a56fb563c39548cb7951c271f93387b14328c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2ab7a7c7-7b8e-4c69-b111-8d913d7c574b.tmp

Filesize
7KB

MD5
81080bf1377b4c3aa075ab9d24da0ade

SHA1
cec05d0af1b5ed0e31307b512365687c6e5470d1

SHA256
819d34e54df98fef9226f4088b51f3826e00b3d7e076d2fef9f4676467d51e35

SHA512
af01957759a6ef8d34f2cd32ca91a58b3d6c2153d8b261e1c52cab45f43ae4f389637f564ae5248d3d2a69f4d5a1a53fc85ef9d3be09e08d38c26df81b10bd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
24118588f9692fc3771b4c78551f7219

SHA1
88a43dd7e9c4a83d2abcf4a635031a98a9899dfc

SHA256
e5e5ad7d63f7ee0d7bddbf6d13590506869f15973e3c1a1f4b3dfde588cf0c52

SHA512
6891f1ef9a88c4c0b5559259e8d2eb3de907f4ac13cbed2866f7956bb6de5fa3e67dd63c50cb5ed06e549f3ad3822e722cacb46fd04d41f5109078cd64f226d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
1b0c3c5b6a4c3bdd13986e2b1e6f9434

SHA1
8ff1d08f1a747aa939f87ea752eaf87a56c561f2

SHA256
2719f1aa9625c2c6f6180985f6f7e7166e45cabc9a71efb7c7621c48d0190328

SHA512
2268bc617e4887dbf3f313e0f6e714c74a30d1751c5d0820b75141b1a9251357e8e743f907e22eecace5f2b3a49dfeb5034ed8ef3cc24234a5eaa00834831a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1fdc1cadc5b4d0b6dc45ebfc6e3a2a24

SHA1
1925e9659c417d580b6cc18117599ccd3a950c4c

SHA256
d442965e7414bbcc0c741193a48d392fc8396cece7eb2c37ad0593b34e16e80d

SHA512
830521b189d1aa1046e10428cf9ac1e800979e64a08e64a1dcfdbfa89e5c57bd659720912d875de52f23e250a121ca33a50c91d5d2e61374530965ee23e3c848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d6dcbd97bd0d699ccac87ec2d7516934

SHA1
9737cebc1a9f3092881fd1601502f54c541b458a

SHA256
9c8137d8575432d2e53bc308ec11d61418c464a4959ba30b7ea04d0fc45ef201

SHA512
3d9ff59fd61f6498d46dfb1572f1ed0060e2f628746663ed61155f9345e4734f765c0d4232c3d16bc11f72c25aea2f4391c5960749e36505469d682be5b2b5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8e5155d56d9c898abd5c08b47e55265e

SHA1
40d380e1ee2fa791f76061f9eba8ecbf09914918

SHA256
70b4bcaf9c86bc258a4d56b996d3a61c4830f00ddfb75f5d8f30de5ceea05516

SHA512
3afd23dbd701bc9a4efe8013816eb45a3525d81c6bd1e2b053eaa225fc748569f46fa87a2786dccd6a90eac717a3ef79002ee8bc80c7a026c518fe8c76611072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
ae6e1ba64e3af4ce7e4d602e8bf002d3

SHA1
4bb162eed157a48ba527f43e4166faa609613d76

SHA256
63346ebbb0116c7d561dcd9bb42dc34ec395a2a1663b699b3c1c3a29e5aa96a7

SHA512
d74a49624a68ed80ae9357ded499329456daa712eb1e812f4c5c667be49439c5a7322341418b693a678459a38ed9096897ad9ef3cb05c497c4433480cb551ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da302cc73e6f279c33132f04553d7deb

SHA1
7bdb25336ade67c8fe6506c376edb7203256e1b9

SHA256
bbab4460b29478958a0166ab8550843a16b6b8d1d42e6b8b310819460831ed02

SHA512
e867aa1eea24bed25af3eff1a76f9e395a165777bf987b7ce0d92e427ea5ffdc340b8018fb338718ecb9e66e92a648aa96ab03098b7762cfeb054d9fb11cf034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
383abb213b1756f5da737a35d56fb160

SHA1
3ee751e5f363a83a25ba0462ad72cc1c1dab364b

SHA256
7dfa9827e2f07e0226900028e60b74d784f420d093d2637290c6314b10cca187

SHA512
4cbf89e340cb2847654e885dd63f1d5d3fc3d7724775173ad708650ae2a2a2b555e180384feb466cc5e19b51c2dd1748d4944e1911370e4c7c41cb9ff87b28b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
768c7c6250de6fbe1367faf8c6f4969a

SHA1
f0d6d40e29d7b572495cf387ec18fb05e1174a9b

SHA256
f0cd3c3f6b9b54a5fafb3aa882bb4e8e571b69aab71c7867acfa9aa704841e0c

SHA512
0e788710807e3fbc67d747d8b3d0e084dddb9dd1f82e4b71d4036260c836c54f5f05ef6b921602b8efcfa714968137fb3e3a4f45a20066648e08555acde73355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c9893ae749e960e080a0ed96a1124748

SHA1
192a73c65d3f9924ba071feb81161f1bdcc99c03

SHA256
53c758baec3e97a96f24c456cbd9f758dcf0be2e58a9630e257c9a7bb0ef80f6

SHA512
058c8e0f4ec643d45923c0a6c455c7f401cdb88e817574ec73fa7681f14c325f0685a7fda8e6d75ba5bd54c302f9ed4c5efcfd61e57137e99ca0c4ea64946557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
42bc0023d0e73dc7bd8d7cd26a6ea291

SHA1
40fab8e9db9e4ea41e74e708167aae50c8e9d722

SHA256
ecedc17f91d9fbec80e4dbf04cd756c91c918e7e1270839f5f0ecd1a9007ef4d

SHA512
b52abe8b03f961f53ce5018faef850f4a5f43e91dbd7f452cd9124702a2a52b8ae34897368718038d7297c7c5344dc1929280209cb88756a93eed13e8f61ad21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e46ab5b4ec017dc1923ffe85e92c16ee

SHA1
a3a78b8ed1396fa72110a5d65f5b1bac717668d2

SHA256
4ae98d169b4e1eff48f2eea056af6dafec4dc6c3fd5b870ed6f55b1ee16b1183

SHA512
44ba7b10e96493e27aaad4e3889f5cd1dc6d382a59d6e69a2774a603920521768fb5c00e1d72ec66562104fa00a155828f84f96b398862228eaba1ec4cc6b114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1f39ae0e89b9b274d0436330eca9fb4c

SHA1
af496cf3da6ebd4a0c7e319f07e307dd7eb015bd

SHA256
5cc00f6ca6e30a53433f7d872102d42bee5dca957e9de77e5eaec25be2edcc83

SHA512
f7d8a2219a318f3cbf41b0cfa55322eda8d6c45ef139b374d92aa51d276d61d879998e82dc29894d1d532883dca951716f117ab4190f7096ac935d6c91620c17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4a793710ebfc4fb181c69a4de6b81ed6

SHA1
06a3471bd45994f2b8d63ef5b000271330ad6b04

SHA256
40a28b4f12e31dd0190c30ef1346df6491b5ef595c538cd9c2e4d10d602b0801

SHA512
ec636101a09b0a7f8c94f8ecdf3332f2d67b8174f4666f7bd2b8b63d0563f2e43482e096b61d71f714b4bbfe9b81b9175239c70b266de76919db4d75fa381b2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a579cc6be37243148e7ec62c9e9387ea

SHA1
26ba4296765c1d366d543c18cc7c85b9d2d8dca5

SHA256
44f7b6498272139e6f9c4dd5923b4d2b0d33f8ebc683cc95cf2c68dedd7597fd

SHA512
df037d2827cbb68898778e18f93cb8589c6eb454a8664137646480b36d56a71b09d08691edfa874707f434af02be3dfe8d2a5df58859d18d8a6aa1bd99a0dae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bca63542945cf7071236166df2373079

SHA1
ab99253a60c02685c87bf58278aeffa41b16dcef

SHA256
461a6217928f2202ffdfe29e54efaf27a7a3c4bf1ca943f6de7491d5eff6acc7

SHA512
948803d4e14fc8fd1540c0634eb05d4cc5ad3aabadd266a0030becd096cbfad7f22b9a5b6e10b2a10ca8c10e4e97f19d7b6a3b6ee7d619a6a6699b5678adcb30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a531dc60d46bf41146bfc77856d9630

SHA1
2e614a427dee3161f14baae7196715fc5a763cf8

SHA256
cd050a50f483ef59853fe42fcae1755a9a064260e940e4a8a82ca6ca6f597e07

SHA512
6c542bf21836cb0b64a9570cb835eb38794bf217a645e6e13a2f8c746b53f78e51f3804658f97b6d50182ca36fd6c3529c9d06fd4b9403f3d04e4fd5d831b366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\eff627ee-3deb-4fe0-aada-d6dbbc9983f4.tmp

Filesize
1KB

MD5
65ab60c677d3e1804c51c875bb59bafe

SHA1
c5c129db3db314bb85693d0efdcaf835583d7738

SHA256
b58072811d3091134a8376909e30884deb16fbd92f4d3346bfb2ed5bb22885d8

SHA512
92cf3860c0fc18410cd2345d907e50464b5f6e4e56ddbaa8702433336b2b8a0ea3891fd972ea3b1a05ac221ab739fac0e188f223c7e8c03951e46a80d80c989c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
262f5e8fd2ac2199813f0b7245026d17

SHA1
11313129420d43e52c9be9939bf2c50fdff39573

SHA256
50c79fead6cae751c7b15dc205bfe6e8fb4f81493df3cecd6da389f771aa1e41

SHA512
221a329b8d6cbcb27e14bc6c00f4fbf19429db488393ae3cf1e7c1ffe01429833eea81ba3b85cba784dab779dac3ba297625e536b6c7208b3a283761ae83e90f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1ba822517ed177e6d40c405a1cf5ae59

SHA1
e642c06d10b8f0900e51224cefda1cf0b64ec66a

SHA256
da27b830a5f19048a946b0da317d431dac302cec4b7bc841dffd19cca998c89d

SHA512
204ade5d54723cd1837eb1712081ca2b79dbfb6e2aa971e9ccc3f45df50d99a153f8803937006fd98841043f5c96ccf8e81de7777f967f4157d8207db28b63aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
288b8e04657756ff55e3f348695771a8

SHA1
a9079e22579097fa6b4c25ac29400996a21362b5

SHA256
3a4aa89c7963a1b829054807f30307735e2481811c251021539449d0700c6082

SHA512
e1737c7e5d93ac1c728dda81e17e0e4284abe647099f51ff820fcf9930b7242233f5d6fd566ff21807e4466dbc9cbb6fd0ffa53f0be8b78f47d79b637bc1dd27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
05154cdaebe4d7a424dae1efd87f8764

SHA1
b76291e6dbf9e66b108bd34b651d2760c8612a9a

SHA256
bf017f04511e136c0ea66e4a8d700ede1febcc11eeba3a8f1a0c7e7d5931380e

SHA512
ea0a920d79ef1ee49ebbbcf8fba681fb46902ce8f37e54b13355f1e1db7bb031506bc18bf7d41deea5a62d5eed519ac75f4a985ceddf4bddf96cf24ec4367a58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5b2cb458fa3c9d1bb89839ab4202c076

SHA1
64d79f3751988de5110258c7c054eabbe9b0f3ea

SHA256
32843a58b157a0bb3681f6234ff977b3fb1df78b9c55bc7a09d0d8e3e1c61f18

SHA512
ade1e892c07c5737ea481c770d7bb8d7fda69e39d119175e4bad6c117a2820dddbd8c689775fc00b2ca2ebe4270ec0ba3ba60493516ed6da1102e2c7b71ab580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
36a74462d7e3188dce42734bd69526cf

SHA1
8d2b7e8527926fa1688c90a4fed0d5cbc9cd59f5

SHA256
61bd7b83227472adee4ff13320273293fd4d7b309a698fb185797554b716723e

SHA512
554a4a99190d69085ea6cc2278b94ec94ff06ed46e1d3a777c6c8fed85528d553f9ce3cbee9b72082b4cc6d908f5465c39b4198328a118018021c0431ea7ae7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
13e7e179f754f52dd34fd2aeb1358898

SHA1
b99a63928637610e726422762bae9ae575c5a9bc

SHA256
9d7460d77b511ab047f07c413e32ede930b3b300b53a726bd3485744b6ec2cbc

SHA512
7c14b7852607f5340ed7e467630c25fac10698f64862c51fa87638875842e7fc602c002c55aa7d7ff6e15d191d4c4939a8ef69b41b8a777ddcc6ecec7750878f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
851accd4cb3157f4aa91d344a0ffb98b

SHA1
14d6f23edccf6e70d024971bbe590c28dab0b5f0

SHA256
5314b7de8b04a9f4722fd097b30fca4e14a0c7adc463c29adc309b61a36269f8

SHA512
e989d4555987b83d16b6399e52b40dc1b5bf8def49835fb34c93e28fd33d8e2efd77ab3f440bdc4d11c8c984d3095d5eaff8fa6cd70195bd4797f4dfb8d0ca50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
544e6178850d7eb7db5a2fb792f0df4c

SHA1
89d5673605d103c395eee01ab465cfd1b1608da9

SHA256
6e86a63c914bb31fc6a349bc3a21986be21791c48473175f5c19727b55a05a5f

SHA512
e7407f2bf86a67e163d29d94ea5c04717775f5ab52788ef5b6795e0954837f81c0368fd1fd69778ebc40122e65fbf6e4dee32d45693c980dd0321f790f8f8a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
7f5e456af51cc1e3b1eac39e084972e5

SHA1
4da59c5ee9f4808662263f66a68211296717b8c1

SHA256
91b30aa5f82c7b3cdfed51ca8a9d02ae04be0f63ed1aa3a273de41ea70e40afe

SHA512
adcbfabd6171d14eeba03b63d0da910fcd94af4eccd3609df329a407039290faf6b876cf41aa7986134de9daac3a6e1f275916248462b4de6d25295ef6ddbb8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
0ab7dbeb56d0346fc97667c4758df5df

SHA1
6e5e1c047848c06fc651976423dc54367b63a5c8

SHA256
320f30e11f9d5a869d89bffccdd97bcd00cb869b588cb6e628c78afca8e259f1

SHA512
fbe9659841dbf558d7d1f41929df5eb36a19514c98953ba1df5688c7e8dbdf5c5a16e1debc8a2c26632e6fdd30a40a623e852d64c1eb191b5c6da23a75eb863f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586e36.TMP

Filesize
88KB

MD5
b8f75809f75952e1e7bc63dddc6b80e2

SHA1
ca99074e9b0f1b88fb0e3646962bf6212bf6269b

SHA256
1d2043ff34c0f0f85b0525f46bac1a488184fc2180817dc6a7e998445c992b23

SHA512
f0e0c28ef5fbb568f359d0e80b0d9eb1bfb55c0d41a250729322ba397c89203a5a5a440d0e103b1152ee0862375d9ac0938a8326f3803434ab26d563003ec967

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
79d221283c0d1389b849165306d9015e

SHA1
fcaad52b3b0d49e98d71a56aac199ed95c1301f1

SHA256
fd6682599238b669f85bd201e7803c6dd304b6b3a36ca0557b0cc92e21bfa86e

SHA512
d70e9a2d137172b45cf6a912e93a6313728003c303fd4235811fd1ec588c9a4c4f924eb9a2588825883c3a8369e5918aa11f485442ec2eacd28deb7410ff308e

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
78b7a9a33ab3c3a17336ad38f5ba9f65

SHA1
0089d32e98292c2cf7d16d98616635eac0d90508

SHA256
65c2cb5539c0957ab57281f4294cc01876285461f47847eb83304732e0cf4b1c

SHA512
53fdef293137c431729181426a47cac1ffc9855c1a7622a7f36dc750a8bafc3607ae81fdb3102f6eb1d4684ef66e2e62116b741243b39a4d8a33d2425f7f122b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1528-446-0x0000000005390000-0x00000000053B0000-memory.dmp

Filesize
128KB

Download
memory/2936-406-0x00000000125B0000-0x00000000125BE000-memory.dmp

Filesize
56KB

Download
memory/2936-404-0x0000000012550000-0x0000000012558000-memory.dmp

Filesize
32KB

Download
memory/2936-405-0x00000000125D0000-0x0000000012608000-memory.dmp

Filesize
224KB

Download
memory/2936-211-0x00000000008E0000-0x0000000000A56000-memory.dmp

Filesize
1.5MB

Download