de698fc752eabbe55a1699f2978cd7da5ca791931279c10d84a7d305e4e06b6a

Analysis

max time kernel
149s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FigmaDiscordPresenceSetup1.2.6.exe
Size

57.7MB
MD5

c1b0bf0da9420a7b18b875e354f7d1c2
SHA1

f70d18119738ab10b1ecf9e38b0ebc6bf4d3138d
SHA256

de698fc752eabbe55a1699f2978cd7da5ca791931279c10d84a7d305e4e06b6a
SHA512

24923dbbf88a5f9177629aa9a9e764d577e8549039d5dc61fa4b09c639a2b5f91d163702cb6f33590c5cea39b88eceedcddc147e8925920e397faca5438496b3
SSDEEP

1572864:P/t4XJatvBl/LE4HRUL+m/tKWb2BQkHQCXkjRMZI4:P/t4+//7RWjY02pkdQI4

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation	Figma Discord Presence.exe

Executes dropped EXE 5 IoCs

pid	Process
324	Figma Discord Presence.exe
2992	Figma Discord Presence.exe
3032	Figma Discord Presence.exe
2880	Figma Discord Presence.exe
2476	Figma Discord Presence.exe

Loads dropped DLL 27 IoCs

pid	Process
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
1204	Process not Found
324	Figma Discord Presence.exe
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
2992	Figma Discord Presence.exe
3032	Figma Discord Presence.exe
3032	Figma Discord Presence.exe
2880	Figma Discord Presence.exe
3032	Figma Discord Presence.exe
3032	Figma Discord Presence.exe
2476	Figma Discord Presence.exe
2476	Figma Discord Presence.exe
2476	Figma Discord Presence.exe
2476	Figma Discord Presence.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	Figma Discord Presence.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Figma Discord Presence.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Figma Discord Presence.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Figma Discord Presence.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
2864	FigmaDiscordPresenceSetup1.2.6.exe
324	Figma Discord Presence.exe
324	Figma Discord Presence.exe
324	Figma Discord Presence.exe
324	Figma Discord Presence.exe
324	Figma Discord Presence.exe
2880	Figma Discord Presence.exe
324	Figma Discord Presence.exe
324	Figma Discord Presence.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2864	FigmaDiscordPresenceSetup1.2.6.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
324	Figma Discord Presence.exe
324	Figma Discord Presence.exe
324	Figma Discord Presence.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
324	Figma Discord Presence.exe
324	Figma Discord Presence.exe
324	Figma Discord Presence.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 324 wrote to memory of 2992	324	Figma Discord Presence.exe	30
PID 324 wrote to memory of 2992	324	Figma Discord Presence.exe	30
PID 324 wrote to memory of 2992	324	Figma Discord Presence.exe	30
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 3032	324	Figma Discord Presence.exe	31
PID 324 wrote to memory of 2880	324	Figma Discord Presence.exe	32
PID 324 wrote to memory of 2880	324	Figma Discord Presence.exe	32
PID 324 wrote to memory of 2880	324	Figma Discord Presence.exe	32
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33
PID 324 wrote to memory of 2476	324	Figma Discord Presence.exe	33

C:\Users\Admin\AppData\Local\Temp\FigmaDiscordPresenceSetup1.2.6.exe
"C:\Users\Admin\AppData\Local\Temp\FigmaDiscordPresenceSetup1.2.6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2864

C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe
"C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:324
- C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe
  "C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Figma Discord Presence" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Figma Discord Presence\Crashpad" --url=https://o940691.ingest.sentry.io/api/5890015/minidump/?sentry_key=b32c5d25554f4e6ebed361104462766a "--annotation=_productName=Figma Discord Presence" --annotation=_version=1.2.6 --annotation=prod=Electron --annotation=sentry___initialScope={} --annotation=ver=13.1.7 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d4,0x146faf550,0x146faf560,0x146faf570
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2992
- C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe
  "C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe" --type=gpu-process --field-trial-handle=1044,14065750309180869567,10341984058489248616,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1040 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3032
- C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe
  "C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,14065750309180869567,10341984058489248616,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe
  "C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\Figma Discord Presence.exe" --type=gpu-process --field-trial-handle=1044,14065750309180869567,10341984058489248616,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1208 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
755093733c8a466df9f91dd2335796a9

SHA1
85bc772b0e5e931fa891551432c6f6d0cefb1730

SHA256
3984731c6e599ba83d185632964f83594cf38270f125331fba86f13ca0c288fd

SHA512
3df80bffb4f9f28fc8c139be69fa51c20bdff3be797cb5f13d2689a6e7952285343d20d8e1daa48d5df2ca5c96546bad86120a42c2832a88becdb89901c80ee0

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\ffmpeg.dll

Filesize
2.6MB

MD5
852816337ce93ed2106ff1eb6ac4a40c

SHA1
39f246f2f87110130625c08e9cf26de7a95b82a9

SHA256
d4c699ddc30c53bbdd6a172f1c58edd9ab160d7a3e846a639c48b4cb01dd91d8

SHA512
869b9c7528038a0e57a258df6c8fd0a9b135b701cc05f7cb91b60b3169e2974011425d442ab6babf538b82e62a70396c9216ac4805278cce935b29ccc9230d1b

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\resources.pak

Filesize
4.9MB

MD5
c400d06430b2a46d484692d4dae60919

SHA1
c7ee7c020058de020554e5831345a5fa52f43a6a

SHA256
b9f84f3b08a7074c66024bb697c50415c57bec778227dfdfecab4c7dcfa4f1bf

SHA512
d9f0d095e509cedd4f5fdecd9476ca3bacf677a8699d898a1be2a23eb0c084cef7922b83b28bbf99bf2f3fa848c229982be9f4c765b305d96971ce3937811394

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\resources\app-update.yml

Filesize
96B

MD5
2c99fcc08d3d142cc32f639f6c7a0a63

SHA1
dbcf58a20f60f74605653a71a9bd08544f9b283c

SHA256
b9d361c219ed43dbe6a5a1b8f176d40597863f1a1d851d010b9939d693eae6b5

SHA512
1abb7cf7e6320de56eff01f46e25b2386a0b68168fbb341e3dbb7109bc2b6870b4c827a386c1a63a8c87948a5d5b628e3aef2bc8cc140aefb5b2b1f9033e9e8c

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\resources\app.asar

Filesize
15.4MB

MD5
df274c13bc938e486573d4020bff83cc

SHA1
090e6ca44e0b944bab017cfe8d642eb9a5379579

SHA256
b7811c66092397cb3a124abb2fc757efe479e99185a3096d14501762670b3a28

SHA512
85afab1e478bec66e6b63c4418c8cb81d46920b0fab08ad81c83326c27eed9e7c7dcc0c61ce09a2364b0a31ccc25ae7773028773008f0de78ea9867f9d5d6dec

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\resources\app.asar.unpacked\node_modules\@bberger\win-info-fork\index.js

Filesize
2KB

MD5
4fa8a77e8a521670d13f8cb3f856f3b2

SHA1
9ed28a471f7c32c3156838e819f8305e99ab4405

SHA256
8923f8340f41990d4765ec8d134acfd89b3880f9dd109a942f4bfc209319a5cd

SHA512
37537e216aa0856a5ff5358b0688200838a06b9e9309951ae2c2bcaf5a7800e8ba65f606ca3ac752f7e7574f4b04584fa6eb5fe8fad29c92ef72db7e9ac22f14

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\resources\app.asar.unpacked\node_modules\@bberger\win-info-fork\package.json

Filesize
1KB

MD5
cb988dfc3f5523e7bc9d0a13c8227efb

SHA1
6fd3cb7e05d4a5a54d0e5b6d7dca9da7b90b7bca

SHA256
b2ce44a93edba01d5961993d05025db8de334d68fa32415010d759e8b0f9e8d1

SHA512
0c17bae7b522518f5b1d20db137471a3e717a71b515ee851e41b3157df840937ada7dd0e086fca0e0bc3c900184fb63885d1eb8b3d8a3e403eef5cb4072adb68

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\resources\app.asar.unpacked\node_modules\ps-list\index.js

Filesize
4KB

MD5
32385488335d3acbac238ae79c09256b

SHA1
6945ac03e7581574c5e9dc0b943d89f13eb6bc81

SHA256
fb267dc224440784ece7cac39c0143d79420a206ac8054d5cec1bc702a885a9c

SHA512
76fbdc4e34e68acdbac018c73d937a3da3cad307e417174f9b52db26959388d23f9bb502f9b4f64e44f62565d675dedaabb4f4f3b0f3dbae088b284c96a8bfbe

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\resources\app.asar.unpacked\node_modules\ps-list\package.json

Filesize
649B

MD5
d28de9ae87083e800b9f24e1677fb4d8

SHA1
24091307b7e8b2e00b3ead1c275f69347091af7d

SHA256
6eced87be4f4c59f154f294413391aa25dfd613ac11742b288f6acd766f0f1ba

SHA512
7786aa5ab2804863a04a01792c3760831d227cddbcea0ca8a24dda521348520dab25e1fcccc9f5914900a003731f462cf18083eaffc8a01bbbd2bd8781c394a7

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\swiftshader\libglesv2.dll

Filesize
3.1MB

MD5
be9c23aeca0e61aa22fff992e407147d

SHA1
c6e84a8a015b6c1456e05b614ff94992dace2000

SHA256
4c5f6bb7e8ea2eac7a501a63370431704478c555723c9a8402721f820213d348

SHA512
b602b8de8392df7d52a6db8c063711594fc735be8d9deedf4f9620986ae890f5339983ff2b01ed0885a9d4b1e7d3a5050d645f48b65b64f643753f8cb9017c4f

Download Submit
C:\Users\Admin\AppData\Local\Programs\figma-discord-presence\v8_context_snapshot.bin

Filesize
161KB

MD5
33fe35c8dbea3b96b6f0e91cc51dd301

SHA1
68026a4022f7b8b3d2dc4e2fda9495bc4fcb596d

SHA256
7f0fe67734bc04adf9e949510ecc57678a24afbce5bc310d600ef587058c8a59

SHA512
bdb8b206ceb87e8300cad48990e0649f31d4287fd5f3d89d452949bedeffff4729b4c22a22ebd9fc19f06bf78a7b37b940dc5f76b5c8c9bfa37ddcbd9ee9c38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3902.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Figma Discord Presence\Crashpad\settings.dat

Filesize
40B

MD5
0141afcc0eb37e3e11b74aa01f79713c

SHA1
3034fc0bf88f03aff0f77b2e685db6c04fe654ac

SHA256
a5e7292a5434bde1cf36957619c0bef14375c083a799614f5bc80a9bb8421b1b

SHA512
d3f1d0c5f84ffab903cb23694aceea88de00bb47875ba3c5d35286bac97372f128c2164f0cf57eeb3215e3abdb168e453f37dbb7899b4c2dae171a373c14fcb4

Download Submit
\Users\Admin\AppData\Local\Programs\figma-discord-presence\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\Programs\figma-discord-presence\libEGL.dll

Filesize
429KB

MD5
44c15dbe05e89ecf596a2cd98952dd8c

SHA1
b5d1d3a704230131804e24ffe45ad26f76a48b80

SHA256
a1174dbcacc41ca6c27bbd30ae37daacce8685a89a4a61c68b47e646c458c2af

SHA512
4b12859d064c5284a417628bc3835a619bccd976eb695dff93d313c704c218479c6dad00020e2ab38c9fe8ea7ae856ab20248f9e2089d4f4e1a0c195cd8bfa17

Download Submit
\Users\Admin\AppData\Local\Programs\figma-discord-presence\libGLESv2.dll

Filesize
7.6MB

MD5
fd5f1a34b7490f232f9391e07218b01e

SHA1
15bf54d65b23703ff27723907b123aa874cb1466

SHA256
cbbf093abee7979c15e89d6dc3604ae60e6aba2162a773eba6c36bec385eb24f

SHA512
e0dc0bc67565df7daa6e6480547ae22fe4a414802e427e50db1f20fca95263ed9a1157e99c476d4b0b1571ffa2d71b762249a55d8e483cde4daf8c4ec96bf417

Download Submit
\Users\Admin\AppData\Local\Programs\figma-discord-presence\swiftshader\libEGL.dll

Filesize
448KB

MD5
f3cff1494ace967b98199952c7e8e15a

SHA1
04f608268640f543bead2c66a84310943a8f16c6

SHA256
8a98a74e69499ce71dd1e0c8141378388790ae10e4bf94075fe22a02ded9da6e

SHA512
c27ee71fd7283549aa4a3aa134cdf8b3c518ffb70ea75a9a629f5dedaa662c9d13e3258000ee94ba62790cc75c8ae0eb192058283dd6334654988b243f9b4f40

Download Submit
\Users\Admin\AppData\Local\Temp\nst20EA.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nst20EA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nst20EA.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nst20EA.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nst20EA.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nst20EA.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/2864-229-0x0000000004110000-0x0000000004112000-memory.dmp

Filesize
8KB

Download
memory/3032-257-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/3032-290-0x00000000772B0000-0x00000000772B1000-memory.dmp

Filesize
4KB

Download