1acf137396d46e2d7c0b008dfe9247f03eafdb1bda8a08de008a02d9e5f73738

Resubmissions

28-06-2024 22:54

240628-2vlmlathrd 7

28-06-2024 19:29

240628-x7pgsszdmc 5

Analysis

max time kernel
128s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordSetup (1).exe
Size

94.7MB
MD5

49c9c51dd3052cd6249b8c2a26d7cd4d
SHA1

6c87336e9bec6ed26c07dc58f1a75325b2d3bed9
SHA256

1acf137396d46e2d7c0b008dfe9247f03eafdb1bda8a08de008a02d9e5f73738
SHA512

afe0041cdc71b1581c73c0491456a9ec36dfb29cd7825f4bc597a20e8b4558c8089ac0e170181abcbb4f02a2a36c6733f92608b429d36980cd2e297396f224e5
SSDEEP

1572864:YEkjfT5WG3Ql7P4F+aXO/B513buFVmb5wFV7bwYsWmGZ4guqE9ZwIKro9QDUHIy:YEkTlWP4a/B5eFR1Ew7rQQDeIy

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	Discord.exe

Executes dropped EXE 6 IoCs

pid	Process
4464	Update.exe
3784	Discord.exe
2936	Discord.exe
1468	Update.exe
3152	Discord.exe
2992	Discord.exe

Loads dropped DLL 8 IoCs

pid	Process
3784	Discord.exe
2936	Discord.exe
3152	Discord.exe
2992	Discord.exe
3152	Discord.exe
3152	Discord.exe
3152	Discord.exe
3152	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\URL Protocol	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9047\\Discord.exe\",-1"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9047\\Discord.exe\" --url -- \"%1\""	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Discord\shell\open	reg.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
1436	reg.exe
4036	reg.exe
1868	reg.exe
4372	reg.exe
2816	reg.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3784	Discord.exe
3784	Discord.exe
3784	Discord.exe
3784	Discord.exe
3784	Discord.exe
3784	Discord.exe
3784	Discord.exe
3784	Discord.exe
3784	Discord.exe
3784	Discord.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3784	Discord.exe
Token: SeCreatePagefilePrivilege	3784	Discord.exe
Token: SeShutdownPrivilege	3784	Discord.exe
Token: SeCreatePagefilePrivilege	3784	Discord.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4464	Update.exe

Suspicious use of WriteProcessMemory 61 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 4464	1280	DiscordSetup (1).exe	94
PID 1280 wrote to memory of 4464	1280	DiscordSetup (1).exe	94
PID 1280 wrote to memory of 4464	1280	DiscordSetup (1).exe	94
PID 4464 wrote to memory of 3784	4464	Update.exe	99
PID 4464 wrote to memory of 3784	4464	Update.exe	99
PID 4464 wrote to memory of 3784	4464	Update.exe	99
PID 3784 wrote to memory of 2936	3784	Discord.exe	101
PID 3784 wrote to memory of 2936	3784	Discord.exe	101
PID 3784 wrote to memory of 2936	3784	Discord.exe	101
PID 3784 wrote to memory of 1468	3784	Discord.exe	102
PID 3784 wrote to memory of 1468	3784	Discord.exe	102
PID 3784 wrote to memory of 1468	3784	Discord.exe	102
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 3152	3784	Discord.exe	103
PID 3784 wrote to memory of 2992	3784	Discord.exe	104
PID 3784 wrote to memory of 2992	3784	Discord.exe	104
PID 3784 wrote to memory of 2992	3784	Discord.exe	104
PID 3784 wrote to memory of 1868	3784	Discord.exe	107
PID 3784 wrote to memory of 1868	3784	Discord.exe	107
PID 3784 wrote to memory of 1868	3784	Discord.exe	107
PID 3784 wrote to memory of 4372	3784	Discord.exe	109
PID 3784 wrote to memory of 4372	3784	Discord.exe	109
PID 3784 wrote to memory of 4372	3784	Discord.exe	109
PID 3784 wrote to memory of 2816	3784	Discord.exe	111
PID 3784 wrote to memory of 2816	3784	Discord.exe	111
PID 3784 wrote to memory of 2816	3784	Discord.exe	111
PID 3784 wrote to memory of 1436	3784	Discord.exe	113
PID 3784 wrote to memory of 1436	3784	Discord.exe	113
PID 3784 wrote to memory of 1436	3784	Discord.exe	113
PID 3784 wrote to memory of 4036	3784	Discord.exe	115
PID 3784 wrote to memory of 4036	3784	Discord.exe	115
PID 3784 wrote to memory of 4036	3784	Discord.exe	115

C:\Users\Admin\AppData\Local\Temp\DiscordSetup (1).exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup (1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4464
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe" --squirrel-install 1.0.9047
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3784
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9047 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x528,0x52c,0x530,0x524,0x534,0x8c96284,0x8c96290,0x8c9629c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2936
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      PID:1468
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2136 --field-trial-handle=2144,i,5792178080539330367,5684980305069259586,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3152
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2236 --field-trial-handle=2144,i,5792178080539330367,5684980305069259586,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2992
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:1868
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4372
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:2816
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:1436
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\Discord.exe\" --url -- \"%1\"" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1060,i,3549704109630749084,1975543916261970610,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:8
1⤵
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\d3dcompiler_47.dll

Filesize
3.9MB

MD5
08ac37f455e0640c0250936090fe91b6

SHA1
7a91992d739448bc89e9f37a6b7efeb736efc43d

SHA256
2438b520ac961e38c5852779103734be373ee2b6d1e5a7a5d49248b52acc7c4d

SHA512
35a118f62b21160b0e7a92c7b9305da708c5cbd3491a724da330e3fc147dde2ca494387866c4e835f8e729b89ee0903fd1b479fcc75b9e516df8b86a2f1364c8

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\ffmpeg.dll

Filesize
3.2MB

MD5
c7f3fd0a890b45aa036eb2c73d7dd0d4

SHA1
5c4bd83c81ef68c930c3db818df11a1e890925b5

SHA256
386aabadbf7aeb305e99b440424b6483ceaf915610a0a0179847026640a836d0

SHA512
0ace3612b5555b3f6de577ba48bf96dde7d71903ee5aef0e2647dc7b8424bf1dc71c94e75cfbbb0e175b2d930bd466c433020f6ed34b6b5a81e4e6ecc41d70ee

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\libEGL.dll

Filesize
378KB

MD5
d782b5097710900e39ee3c0884ab826b

SHA1
2c03056cfcec9ea48c707b8fea24f36f670e2109

SHA256
e7cea7c999002a01342a6869f368eae57846460f64aeb87aa79c6b27d9744358

SHA512
2c31f94c8f1bbd3624c5c36650d759cf4993a94da8a7a8c357bee3081f1d491671ef90f6d140e6a900eb1a833ce36e318291aa4252d26aaf453c7ef9c9ee3f61

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\libGLESv2.dll

Filesize
6.4MB

MD5
9b1f24ea4dc607ed434d7d4edcf03b8a

SHA1
e0558b3180e1bc58839621aa94825dca06e06031

SHA256
c18564a617ca32c2407de905eac3e00797812ccb834b3acae48d9611fe479856

SHA512
01e6ca3ec06806ea85b232b514b52da5e39947e190a58271fd2d48ee83f030bbb54408496c44497af0cada458bd000a7dde74c06068a292ad118a3c0df881889

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\resources.pak

Filesize
5.1MB

MD5
e9056386a2b4edac9f0ffa829bc0cfa0

SHA1
f8d4b8289ebb088c9997a1fde1c2f12aedd6c82e

SHA256
546456d9a1328836a99876824f3beb7279f38403cd001515f5d9eb204939e57c

SHA512
c49e832e5c16a1846ea882395e83f9cbe9f4f6b44be9f0c7276d0a4495b88091bd95593c5e167dba853834058d7ca823db60d2fac73434ed952b7064b2daf6da

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\resources\app.asar

Filesize
6.3MB

MD5
91a273dc1d39acad8781fecd5f57933d

SHA1
918ae121eafdae53fa029f1aece4e7dfce752112

SHA256
f819a0553fe7e04e331119cfcd6ed399a05865ff05f0434d0b2e5ef660bef2d2

SHA512
b406f7f686b56014c198e3df8d80f104cbacb3593ecd21c35003e6820b53092f7269f35d3045b7de9ea370ae258efb0d30639a494af1b59eea3f6563cbb83ef4

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\resources\build_info.json

Filesize
83B

MD5
88c35fdb3485a93aa5852d980e9666d0

SHA1
aa25ec668423ab84254a6957c7e96a785d76ecd0

SHA256
5451ce2c61d70a8b0b38bde5fd838e8980a831e8ee5f0575973fe60b7a349de8

SHA512
526e99144d3331fefefdf72338b893b8d08a1e6ecabeca9e45a1b4b3578cb11ebc944039a7fa5c4dfca449e6f58bd90e21b2b6bc86372f4dc3d773041daddd59

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\v8_context_snapshot.bin

Filesize
631KB

MD5
5e59b98c444e66f981b8605636e88efd

SHA1
78ce5d12ef8d76e5de09873eec59657a5b3964ee

SHA256
457167b96cf7cb9d80bf5f74976314b465439adb0563ed820be15d848f3daf66

SHA512
9401047fb86cd7d9b9aeea72bc3b7981b834e914d7ecc19ef2f787ccf946548a95241b89d508372caad6a7cc157e2be6fa931d952f836404b7c0c5abe4ca614b

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9047\vk_swiftshader.dll

Filesize
4.4MB

MD5
2b695ea8aa1a40fe702d99c5af68c591

SHA1
821181f473160fb64b72e51002ae762d5b17ac73

SHA256
4151fb2eb9f61eb72a73540563088421c97ace1ce4aa453b398f7a6951f852d3

SHA512
cb701f9837153aaa16fe76cf58c2d4c19e4a1ddb4455541aed4ade74e9157f2687e76b7d1b19c6e678288760a42e9a230ff1e1c2c5d1a2d0a6f4e1b5b828c02b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
bb97d42cc118e0576f7fb74de3eba344

SHA1
074b31cecd9c78715d5cf3bf9f1c9aaf1cf341b5

SHA256
6c1121cce194e8a44d8339156a16e064c468de3f853027e02764ef3a570e7924

SHA512
7c4982284d755e8cb92c052a07962b1a164cdeb18dca412ea6d4b1e6560add6468ccb5ba0e9484622b13b073d63701d38507ae4e1e7eb9e358dadb7c72081a60

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
ef92a12b805647f2378d7d603d3e7025

SHA1
2dc82d1f2e7dae080c7942a475ddd5c980d9e42f

SHA256
20465433a19a866f6b03f41d6b586bfe7811c441f3648b16ecc147b0dd686145

SHA512
967bce7aa66d835e24b9370796803b20a35df7bb7ecf515fa95063f17b147f14c5081232f52b69ef0f7390b1238c727ecfa0f7d690aef89770866b3617a1e320

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1468-229-0x0000000004A90000-0x0000000004AB0000-memory.dmp

Filesize
128KB

Download
memory/4464-192-0x00000000105F0000-0x0000000010628000-memory.dmp

Filesize
224KB

Download
memory/4464-193-0x00000000105D0000-0x00000000105DE000-memory.dmp

Filesize
56KB

Download
memory/4464-191-0x000000000FD70000-0x000000000FD78000-memory.dmp

Filesize
32KB

Download
memory/4464-9-0x0000000000360000-0x00000000004D6000-memory.dmp

Filesize
1.5MB

Download