Analysis Overview
Threat Level: Likely malicious
The file https://winderbox.pl/ was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Reads local data of messenger clients
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Enumerates physical storage devices
Uses Task Scheduler COM API
Modifies registry key
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious use of SendNotifyMessage
NTFS ADS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Analysis: static1
Detonation Overview
Reported
2024-06-08 14:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-08 14:07
Reported
2024-06-08 14:12
Platform
win11-20240508-en
Max time kernel
291s
Max time network
298s
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
Reads local data of messenger clients
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" | C:\Windows\System32\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord | C:\Windows\System32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\URL Protocol | C:\Windows\System32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9148\\Discord.exe\",-1" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell\open\command | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell\open | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\DefaultIcon | C:\Windows\System32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9148\\Discord.exe\" --url -- \"%1\"" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2457560273-69882387-977367775-1000\{2C819885-52AA-42B7-8462-2AD95E93665B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\ = "URL:Discord Protocol" | C:\Windows\System32\reg.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winderbox.pl/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff808313cb8,0x7ff808313cc8,0x7ff808313cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7508 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.0.977972016\662465409" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2670af6b-963d-4796-84fb-96dbdcba07f5} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 1844 18dfee0e858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.1.427345566\1705487509" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2348 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcf3c97b-6610-4275-a1ad-7367e9824fec} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 2372 18df2185158 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.2.788514245\1981153371" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2748 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc8dcb56-fbe4-4f6d-962b-657ae11560dd} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 2724 18d81aeee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.3.609404228\1603987739" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a399a6a-57fa-4c92-b7eb-3da14eb38f46} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 3592 18d84afcb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.4.1951567576\861683049" -childID 3 -isForBrowser -prefsHandle 5036 -prefMapHandle 5028 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {527f5c2c-7ae8-4c39-b8f5-aa23ecd3d948} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5048 18d86fcdb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.5.1987574149\1307553537" -childID 4 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c79b96a-d7e2-411e-9484-28cb84189a36} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5184 18df2140c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.6.1618339925\1216412294" -childID 5 -isForBrowser -prefsHandle 5404 -prefMapHandle 5412 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d8c2bd7-b23a-45d0-8040-fda2d5759555} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5364 18d870c5858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.7.409273395\1101180882" -childID 6 -isForBrowser -prefsHandle 5764 -prefMapHandle 2940 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc9ec7c8-4286-457d-81a6-ceb9b232b7ef} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5972 18d88d1f858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.8.1578528333\1121416091" -childID 7 -isForBrowser -prefsHandle 5112 -prefMapHandle 5088 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3e95684-6e96-401c-bec1-b7e7cb48abae} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5140 18d89858258 tab
C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --squirrel-install 1.0.9148
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9148 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x530,0x534,0x538,0x528,0x53c,0x7ff7d2d33108,0x7ff7d2d33114,0x7ff7d2d33120
C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2128 --field-trial-handle=2132,i,214290154321868244,9658345176766784016,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2268 --field-trial-handle=2132,i,214290154321868244,9658345176766784016,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\",-1" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\" --url -- \"%1\"" /f
Network
Files
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
| MD5 | 659e8760c0c3e9acf6931867bbfe6f7f |
| SHA1 | 1041ded2d06e79bd8bb04e51318f2b4c8e26b2d2 |
| SHA256 | 4d62a333cb1045de0aeff1984de5f57dbe18b99e24aa7f7a0689cf84e9370a73 |
| SHA512 | ee4144bb5159b673592cbaab93e32837b669cef58b79ed958492d2ab5537fe674a972e7f3c1489e4d8548a9de349d6596437c6b8298a72f59dc25a8e57e5d408 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
| MD5 | b646c84c5991e176f7e137ff8f515f7b |
| SHA1 | 52dd56c58a28ded672942d0bf38bc94ba0168705 |
| SHA256 | beeda1c19d1ca22c41d0882ad22d9a221282eb9969d8e058d1d42ecf9ca0efa1 |
| SHA512 | e0e90535fa75d5dc65b96953ea537b0f11fac66c4daab07ccb34146f5247417dfb934cea6c63b4e8cb549a8d8629370d5baef5e9bcb1a072e098d47d364b137b |