d24dddbdf2970f6a51611a193bcd839faf3d7a28d4dc96adcb3c20a11424209e

Analysis

max time kernel
24s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 08:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DiscordSetup.exe
Size

108.8MB
MD5

4a2bab1275706365277fbecc493b0bcb
SHA1

944287d298e5e3876d41f5416573091bfb27edf8
SHA256

d24dddbdf2970f6a51611a193bcd839faf3d7a28d4dc96adcb3c20a11424209e
SHA512

775c618c025f125e6fce586ec4727eede2761d75fc288ca0afece8723463e173ced87959ea706b4ec48ee477a92100ab1c3c2341311e1b0d4396b3a772e51ecc
SSDEEP

1572864:TPKunsjp0UyfrzJwWhQgQdCev9wChYAs9YLiC1lgno+r7BP9cSFc3YpnngmBXlI1:TPCp7wKq3VYLiC1iZvBPTFcgnFBVI1

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	Discord.exe

Executes dropped EXE 12 IoCs

pid	Process
1092	Update.exe
3632	Discord.exe
184	Discord.exe
1360	Update.exe
988	Discord.exe
4116	Discord.exe
908	Update.exe
2028	Discord.exe
4152	Discord.exe
3888	Discord.exe
4956	Discord.exe
2712	Discord.exe

Loads dropped DLL 20 IoCs

pid	Process
3632	Discord.exe
184	Discord.exe
988	Discord.exe
4116	Discord.exe
4116	Discord.exe
4116	Discord.exe
4116	Discord.exe
4116	Discord.exe
2028	Discord.exe
4152	Discord.exe
3888	Discord.exe
4956	Discord.exe
2712	Discord.exe
3888	Discord.exe
3888	Discord.exe
3888	Discord.exe
3888	Discord.exe
2712	Discord.exe
2028	Discord.exe
2712	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\shell	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9152\\Discord.exe\" --url -- \"%1\""	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9152\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\shell\open	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\URL Protocol	reg.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry

T1112

pid	Process
5408	reg.exe
3912	reg.exe
392	reg.exe
3424	reg.exe
3460	reg.exe
880	reg.exe
5580	reg.exe
5888	reg.exe
5940	reg.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2712	Discord.exe
2712	Discord.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3632	Discord.exe
Token: SeCreatePagefilePrivilege	3632	Discord.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1092	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1092	1416	DiscordSetup.exe	95
PID 1416 wrote to memory of 1092	1416	DiscordSetup.exe	95
PID 1416 wrote to memory of 1092	1416	DiscordSetup.exe	95
PID 1092 wrote to memory of 3632	1092	Update.exe	100
PID 1092 wrote to memory of 3632	1092	Update.exe	100
PID 3632 wrote to memory of 184	3632	Discord.exe	101
PID 3632 wrote to memory of 184	3632	Discord.exe	101
PID 3632 wrote to memory of 1360	3632	Discord.exe	102
PID 3632 wrote to memory of 1360	3632	Discord.exe	102
PID 3632 wrote to memory of 1360	3632	Discord.exe	102
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 4116	3632	Discord.exe	104
PID 3632 wrote to memory of 988	3632	Discord.exe	105
PID 3632 wrote to memory of 988	3632	Discord.exe	105
PID 3632 wrote to memory of 3912	3632	Discord.exe	106
PID 3632 wrote to memory of 3912	3632	Discord.exe	106
PID 3632 wrote to memory of 392	3632	Discord.exe	108
PID 3632 wrote to memory of 392	3632	Discord.exe	108
PID 3632 wrote to memory of 880	3632	Discord.exe	111
PID 3632 wrote to memory of 880	3632	Discord.exe	111
PID 3632 wrote to memory of 3424	3632	Discord.exe	113
PID 3632 wrote to memory of 3424	3632	Discord.exe	113
PID 3632 wrote to memory of 3460	3632	Discord.exe	116
PID 3632 wrote to memory of 3460	3632	Discord.exe	116
PID 908 wrote to memory of 2028	908	Update.exe	121
PID 908 wrote to memory of 2028	908	Update.exe	121
PID 2028 wrote to memory of 4152	2028	Discord.exe	123
PID 2028 wrote to memory of 4152	2028	Discord.exe	123
PID 2028 wrote to memory of 3888	2028	Discord.exe	124
PID 2028 wrote to memory of 3888	2028	Discord.exe	124
PID 2028 wrote to memory of 3888	2028	Discord.exe	124
PID 2028 wrote to memory of 3888	2028	Discord.exe	124
PID 2028 wrote to memory of 3888	2028	Discord.exe	124
PID 2028 wrote to memory of 3888	2028	Discord.exe	124
PID 2028 wrote to memory of 3888	2028	Discord.exe	124
PID 2028 wrote to memory of 3888	2028	Discord.exe	124

C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1092
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --squirrel-install 1.0.9152
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3632
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9152 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=30.1.0 --initial-client-data=0x504,0x50c,0x510,0x4f8,0x514,0x7ff734f39218,0x7ff734f39224,0x7ff734f39230
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:184
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      PID:1360
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,11217912592874209896,3715096408760184590,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1896 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4116
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --field-trial-handle=2172,i,11217912592874209896,3715096408760184590,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:988
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:3912
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:392
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:880
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:3424
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\" --url -- \"%1\"" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4256,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=3796 /prefetch:8
1⤵
PID:5052

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:908
- C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9152 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=30.1.0 --initial-client-data=0x500,0x504,0x508,0x4f4,0x50c,0x7ff734f39218,0x7ff734f39224,0x7ff734f39230
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4152
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,14305621587053311986,3330989846950958497,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1880 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3888
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --field-trial-handle=2168,i,14305621587053311986,3330989846950958497,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4956
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2316,i,14305621587053311986,3330989846950958497,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2712
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
    3⤵
    - Modifies registry key
    PID:5408
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3368,i,14305621587053311986,3330989846950958497,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:5540
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
    3⤵
    - Modifies registry key
    PID:5580
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\",-1" /f
    3⤵
    - Modifies registry key
    PID:5888
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\" --url -- \"%1\"" /f
    3⤵
    - Modifies registry key
    PID:5940
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --field-trial-handle=4340,i,14305621587053311986,3330989846950958497,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:8
    3⤵
    PID:6044
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --field-trial-handle=4444,i,14305621587053311986,3330989846950958497,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:8
    3⤵
    PID:5436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2028_1588569340\Google.Widevine.CDM.dll

Filesize
2.7MB

MD5
477c17b6448695110b4d227664aa3c48

SHA1
949ff1136e0971a0176f6adea8adcc0dd6030f22

SHA256
cb190e7d1b002a3050705580dd51eba895a19eb09620bdd48d63085d5d88031e

SHA512
1e267b01a78be40e7a02612b331b1d9291da8e4330dea10bf786acbc69f25e0baece45fb3bafe1f4389f420ebaa62373e4f035a45e34eada6f72c7c61d2302ed

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2028_1588569340\manifest.json

Filesize
145B

MD5
bbc03e9c7c5944e62efc9c660b7bd2b6

SHA1
83f161e3f49b64553709994b048d9f597cde3dc6

SHA256
6cce5ad8d496bc5179fa84af8afc568eeba980d8a75058c6380b64fb42298c28

SHA512
fb80f091468a299b5209acc30edaf2001d081c22c3b30aad422cbe6fea7e5fe36a67a8e000d5dd03a30c60c30391c85fa31f3931e804c351ab0a71e9a978cc0f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2028_1718033514\manifest.json

Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
C:\Users\Admin\AppData\Local\Discord\SquirrelSetup.log

Filesize
2KB

MD5
cdec6992740218dfbc2809c9da2add4f

SHA1
b2d4a80065b2918adc03292a93efc8d9f3379a86

SHA256
f58887627a64532536761b4f51c45cc007b87315015756e5c122d9c35040428e

SHA512
f8fb47703dfa896f0e09326ed61db4597fb43ad41c61a16eacdf83f78e727ecbe19391137741a16fe7068b5cc06b74ad590e5a4e8f9f98a242a7b5358c58d8e0

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\chrome_100_percent.pak

Filesize
146KB

MD5
6c2827fe702f454c8452a72ea0faf53c

SHA1
881f297efcbabfa52dd4cfe5bd2433a5568cc564

SHA256
2fb9826a1b43c84c08f26c4b4556c6520f8f5eef8ab1c83011031eb2d83d6663

SHA512
5619ad3fca8ea51b24ea759f42685c8dc7769dd3b8774d8be1917e0a25fa17e8a544f6882617b4faa63c6c4f29844b515d07db965c8ea50d5d491cdda7281fc5

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\chrome_200_percent.pak

Filesize
220KB

MD5
77088f98a0f7ea522795baec5c930d03

SHA1
9b272f152e19c478fcbd7eacf7356c3d601350ed

SHA256
83d9243037b2f7e62d0fdfce19ca72e488c18e9691961e2d191e84fb3f2f7a5d

SHA512
5b19115422d3133e81f17eedbacee4c8e140970120419d6bbfe0e99cf5528d513eea6583548fa8a6259b260d73fab77758ad95137b61fe9056101dd5772e8f4a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\ffmpeg.dll

Filesize
3.9MB

MD5
b3a288e4c97297d2c6158b1461d7eb67

SHA1
23b98e59f7cec85c7526087d54b2199e0b26dbda

SHA256
28d2ca5d4e5e032764d8ed24bc270cb90ccd447b6419e937204eddff2f02d7c6

SHA512
255cffbbcdc0ce6b0a4ad32d26c036184c394f2dc09cd91eaaab18fe5ee9aed5f6e3ad8b04d3d356e0eada4ee70695872a0c3b0cfc78e290d26e5c83973ffe63

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\icudtl.dat

Filesize
10.2MB

MD5
74bded81ce10a426df54da39cfa132ff

SHA1
eb26bcc7d24be42bd8cfbded53bd62d605989bbf

SHA256
7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9

SHA512
bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\libEGL.dll

Filesize
486KB

MD5
1532ee9eb4215e6fb83d0db7157009be

SHA1
8001cc0019de78737efa2fa21afc02ae2238607f

SHA256
4ef5fbd9d4d764d98dc7742282f7770adfb420903f4d50f1fd0a551f86bc1b2e

SHA512
c824bf012394dc1f8dd0863c7271bb86ddea5f3bdab3227e7eec16153c049451b3b4b3228b566f9550cda0e0060d2ef5b2fa4b560e96cf42ae57079e2eef5a3f

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\libGLESv2.dll

Filesize
7.6MB

MD5
6c708bb61f49bf9f3112a56b961dc5fd

SHA1
2b7ab85596925f5928bda16d75e20ac14c3b4ea8

SHA256
ba465165e10089769f7743e17296afde16b3dedbb4a06f444f37c99b123c83a4

SHA512
259cd16b34ec51311f3b2322777832478cd55054356a2969794d0faf6efa6e139d30aeea2e9ccc21d094598a64bd32485472cb05fbfe3b8985ffb560d316ee7d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\locales\en-US.pak

Filesize
443KB

MD5
88bbc725e7eedf18ef1e54e98f86f696

SHA1
831d6402443fc366758f478e55647a9baa0aa42f

SHA256
95fd54494d992d46e72dad420ceee86e170527b94d77bfaaa2bfc01f83902795

SHA512
92a5c6cfc2d88272bb5144e7ee5c48337f2c42083bc9777506b738e3bcb8f5a2c34af00c4ccc63b24fb158c79f69e7205b398c9e22634dae554410450978a2c4

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\resources.pak

Filesize
5.1MB

MD5
db3fa7a7f7af66bbb73c1c0a46187572

SHA1
5c6f2b5c01a20f204bb67f28a907dec4cd98bce8

SHA256
0e114f6464cecae87988c1dd65ea1bc939681fee6415d343e947a5889717165f

SHA512
e639e96c36fa67dfdc7098c7d6863ee421a2de9fa49630038e8abf4f152b03e0bbb80eee0d40a68cac5a48bfa75f0cc3542c1170dd65ab1bf5626450f803d410

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\resources\app.asar

Filesize
6.3MB

MD5
572b744d6569367f96beeb607186ecc0

SHA1
56871c8dd4128047352b105580b02666c6907445

SHA256
6b566f5b8470c1e233cd46cd5c16c3849464e1d1869dddbc4697509420254357

SHA512
86bdc89a4baf268b405a71d448d191f33d5f0cfc74b8f37b0fa3fa179e39324b3ea6a7a8649f8fcb113fe5dfbb332e35bd390b18466cdff819d170fdb166f09e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\resources\build_info.json

Filesize
83B

MD5
b3ab6f4926a8d3feeb64a5b030633658

SHA1
ac9f2d3890260b710fd12207d813db44fe4a4dba

SHA256
854c79094804243419f2153adc0c77d6846576f7f57b27b7e547db6a48b45887

SHA512
598f069633141df096d8bd1a4966cf49f96c3f381ff7c152436341a2c1f783833cd141447fc3fe51aca8cc1fcba33baab4362eb22f77fe7e14422becc671a4c4

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\v8_context_snapshot.bin

Filesize
641KB

MD5
228cb75c5b14fb790ec913a34c12b4d6

SHA1
aa6dbfb6cd403be3110f85c2a3ae72ab575645fb

SHA256
bb9c5a66316280c3d90ad63e20e34a7311972632bfd927f9d192407c13714444

SHA512
ab6b94de633b71a99b58f3924b0b8a351e0899ccff0fdab35e06938ad22ed62548a331b0b296a886f67941a642fd32d00ec2297b0d687139c0e57d2919739c19

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\vk_swiftshader.dll

Filesize
5.1MB

MD5
752e30ced23ca5e21472b1f977211ed5

SHA1
64758c8ca34a65659d00032fe880735d5efe9740

SHA256
8eea88d83246f1a945a5d21a29d97dc0dfd6f659bf1fbdd7f0c68c693032e794

SHA512
b402649012d6810527f2e92d929b2209cbe515632e092894690bb29b3338834729bea2c23b4735e6fc50619e239b5f05c5c48182c73f904db101cd4639b0eafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.log

Filesize
1KB

MD5
6eb96c16eb677b6a8c1df381a0497a1a

SHA1
d4596baadc2d4bee89d57e1718ab30c0b7d563ec

SHA256
e96331392d474ca0fbc51036c7d55aa3a37aae6b074d50ebd106a277b0cb4097

SHA512
3d472d56ceb73a3df3f65eff6af088b3a81ab553153cbda925091500a6543cf83e84872f2bc81f218deddecd8f3c9868d784c2fe08ece95f915138becaecfb0b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
a7a2ccd9a66d4f5928c3b73590fc2858

SHA1
62f99222c8a06aa74cefd667bb2a2e16e9164438

SHA256
161de70989b18983f51d874810d4b952eea9c05e263596a9dc72df3eeb81b144

SHA512
8ff2f145f818a2f71086723215b9303696720c2af3907c423ab9c25eca988ead9c8639026d3946bfde736eaeb714877788aae80c9e9d90351f8d5977a5e8070e

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
377f7daed6450f501fd58ca22a921181

SHA1
dca44be7b99c98d62a3b46430c83220e4e53b89d

SHA256
d8e99b0a2ff17a8525f11cf8f06f84b2561852b1521c8ad2657ca9075a521fea

SHA512
06197d7edb7fdd7cc4f749fb9d50889115ff479c893812a6d7d180140e6aeb038cdba35850fb7cbc119c06ed2b70f7ab2943dbfa89cb5446e06e69b3d21cb6f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat

Filesize
40B

MD5
aa83b6e5aa0750fb740b7d0148333edb

SHA1
0daddbb29def9b329286a72e0c72d026c984c64e

SHA256
06e65b17dd88d002164eb67837c395c55bcc0d09010c36fe2a002e7eca28f32c

SHA512
48c1023b6c3459d99d8854b049934dfc95ab3467e5fec890d85da6515c9d85fdca48f232b14c36066ebc4542276482b830362971afc81c06c111d4b3da194ca0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
434B

MD5
40ae77ed965f5afd0cf77c9b0a87621c

SHA1
7bd994f7d8d5820ad7264d4d0b22afb55640c68c

SHA256
b3e631940da106965011f5ae1c6561bc68aceb7ff5543e06ebeb908aca9b55dc

SHA512
b2cfd24c2243b413ba0f3bcca488ca3f48788611f4de06310dde3247726689eba8be0b32e24b9e105a0f60f49bcc050064f4335de50bf445ec32f3779e024127

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\LOG

Filesize
245B

MD5
3761f26bfe0d25a05010e3562d12392e

SHA1
8f89bc471de7aaaac7159206c760ff84f3f0530a

SHA256
25144fcbbbe475ebdaa0a034051284bc4f6d7f112f12afca87ee248cb3a50ffe

SHA512
89b4948790377eb1b799a84d7bbc02041d8863a6f6318bd2e892cf2e14a9e103b04d134cdbee1cf0d466eb708ff69cf042ae91ce245e4faabc8baa0699571fd1

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\_metadata\verified_contents.json

Filesize
1KB

MD5
3e839ba4da1ffce29a543c5756a19bdf

SHA1
d8d84ac06c3ba27ccef221c6f188042b741d2b91

SHA256
43daa4139d3ed90f4b4635bd4d32346eb8e8528d0d5332052fcda8f7860db729

SHA512
19b085a9cfec4d6f1b87cc6bbeeb6578f9cba014704d05c9114cfb0a33b2e7729ac67499048cb33823c884517cbbdc24aa0748a9bb65e9c67714e6116365f1ab

Download Submit
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\manifest.fingerprint

Filesize
66B

MD5
d30a5bbc00f7334eede0795d147b2e80

SHA1
78f3a6995856854cad0c524884f74e182f9c3c57

SHA256
a08c1bc41de319392676c7389048d8b1c7424c4b74d2f6466bcf5732b8d86642

SHA512
dacf60e959c10a3499d55dc594454858343bf6a309f22d73bdee86b676d8d0ced10e86ac95ecd78e745e8805237121a25830301680bd12bfc7122a82a885ff4b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Trust Tokens

Filesize
36KB

MD5
6c216868c6d46de3627905ef3e91ad38

SHA1
7a171f8cef2ddeb09a13a78a49850db798bb6745

SHA256
64a4f564295d067c798c28a4da39a1856c6a93a1684a7ae9416b8c8ae4a4123b

SHA512
5818685ed57cf629983fe10aba55195ff6bad0a62227acd695733504f200e10b6836c2accddde080732e77d7743c0e56389453bd3771fc403e5a66e7ecf6c57e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
2fecefada855994bc9ad9edb453e6cf9

SHA1
dcbafd1be4e73373220318ddc55894b0194422a2

SHA256
770586245ffbda145d59fdb134f739e42d77342b0f26792d2c6cb0a03b326415

SHA512
2e028b2936e59a079b8f1243a0f4d5480d124547eb31f740b2a71aecacc88d594f2af004005dea559587a653fd025ec70abb32186e9c05e7644d7686e57fc435

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Shared Dictionary\db

Filesize
44KB

MD5
2ca93b9b4af8d2ce579d69ff7499315d

SHA1
97a062ae757b40c2ce757f6b3abf994a07449a3c

SHA256
aae37c889218b960b2520ad2bce835e55fad618efaf3c297f98a05ac48a72562

SHA512
ec4ef8cf602b1274360d5bb490f4700013a37ee855885bfb2e483feab1425e48a6cd7f8d8071c26cb7ea1bca1b4de905422e8d8e3028ce9f695309ccf45b9a8d

Download Submit
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\neifaoindggfcjicffkgpmnlppeffabd_1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

Filesize
1.1MB

MD5
f265d47475ffd3884329d92deefae504

SHA1
98c74386481f171b09cb9490281688392eefbfdd

SHA256
c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

SHA512
4fd27594c459fb1cd94a857be10f7d1d6216dbf202cd43e8a3fa395a268c72fc5f5c456c9cb314f2220d766af741db469c8bb106acbed419149a44a3b87619f1

Download Submit
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

Filesize
13.7MB

MD5
17c227679ab0ed29eae2192843b1802f

SHA1
cc78820a5be29fd58da8ef97f756b5331db3c13e

SHA256
d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

SHA512
7e33288afd65948a5752323441c42fcc437d7c12d1eaf7a9b6ae1995784d0771e15637f23cc6bc958e40ea870414543d67a27b4c20331fde93d5b6dc6a59cbaf

Download Submit
C:\Users\Admin\AppData\Roaming\discord\module_data\crashlogs\2024_06_27T08_20_19_232Z-0-events.log

Filesize
548B

MD5
d3917691e293871c9bbda0483a31a878

SHA1
3291ab68743f166c9e43279dac58176b18f39e5f

SHA256
c57cc5bfa5868961ed4c6b77ac558942386814e3cd1b3ea6c6d2a72db972d747

SHA512
0896791a75ff0d2efe560c7eaa3f8634466c4d72126e53a47f6ef30ce779fccfd6b43a232bd4a2c2cb75f5c7a6cc4b2ac02e7e2c565b6bf5544cc24ff71342d4

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\queue\queue.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\scope_v3.json

Filesize
1KB

MD5
9f3e2786ffa848eebd8c7c5ecd89ceb4

SHA1
862c7ed6d094ddbebae27f590e896ad61c9c1bd3

SHA256
27555e179bbf0e330458b1dd3de9cba7bff0a9607b1ab2a9572810b8cb00a126

SHA512
7252c312691fc2df802974428f189d68aa026efd80b309a37856ce7936d89eb52b82c1e0a41d14fb75355db469aeef6b57791106bbbc204579b60b67701d9704

Download Submit
memory/1092-9-0x00000000006A0000-0x0000000000816000-memory.dmp

Filesize
1.5MB

Download
memory/1092-191-0x0000000012300000-0x0000000012308000-memory.dmp

Filesize
32KB

Download
memory/1092-192-0x0000000012B80000-0x0000000012BB8000-memory.dmp

Filesize
224KB

Download
memory/1092-193-0x0000000012B60000-0x0000000012B6E000-memory.dmp

Filesize
56KB

Download
memory/1360-236-0x00000000051A0000-0x00000000051C0000-memory.dmp

Filesize
128KB

Download
memory/2712-355-0x000002023E2D0000-0x000002023E2D1000-memory.dmp

Filesize
4KB

Download
memory/2712-349-0x000002023E2D0000-0x000002023E2D1000-memory.dmp

Filesize
4KB

Download
memory/2712-350-0x000002023E2D0000-0x000002023E2D1000-memory.dmp

Filesize
4KB

Download
memory/2712-351-0x000002023E2D0000-0x000002023E2D1000-memory.dmp

Filesize
4KB

Download
memory/2712-352-0x000002023E2D0000-0x000002023E2D1000-memory.dmp

Filesize
4KB

Download
memory/2712-353-0x000002023E2D0000-0x000002023E2D1000-memory.dmp

Filesize
4KB

Download
memory/2712-354-0x000002023E2D0000-0x000002023E2D1000-memory.dmp

Filesize
4KB

Download
memory/3888-365-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-341-0x000002231BDD0000-0x000002231BDD1000-memory.dmp

Filesize
4KB

Download
memory/3888-356-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-358-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-362-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-363-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-364-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-373-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-366-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-367-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-342-0x000002231BDD0000-0x000002231BDD1000-memory.dmp

Filesize
4KB

Download
memory/3888-357-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-340-0x000002231BDD0000-0x000002231BDD1000-memory.dmp

Filesize
4KB

Download
memory/3888-372-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-374-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-375-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-368-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-369-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-370-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/3888-371-0x000002231C850000-0x000002231C852000-memory.dmp

Filesize
8KB

Download
memory/6044-432-0x00007FF90D990000-0x00007FF90D991000-memory.dmp

Filesize
4KB

Download
memory/6044-433-0x00007FF90E4A0000-0x00007FF90E4A1000-memory.dmp

Filesize
4KB

Download