Malware Analysis Report

2025-08-11 06:25

Sample ID 240608-rfa77scc7v
Target https://winderbox.pl/
Tags
persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://winderbox.pl/ was found to be: Likely malicious.

Malicious Activity Summary

persistence spyware stealer

Downloads MZ/PE file

Loads dropped DLL

Reads local data of messenger clients

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Enumerates physical storage devices

Uses Task Scheduler COM API

Modifies registry key

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious use of SendNotifyMessage

NTFS ADS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-08 14:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 14:07

Reported

2024-06-08 14:12

Platform

win11-20240508-en

Max time kernel

291s

Max time network

298s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winderbox.pl/

Signatures

Downloads MZ/PE file

Reads local data of messenger clients

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" C:\Windows\System32\reg.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\URL Protocol C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9148\\Discord.exe\",-1" C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell\open\command C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell\open C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\DefaultIcon C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9148\\Discord.exe\" --url -- \"%1\"" C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2457560273-69882387-977367775-1000\{2C819885-52AA-42B7-8462-2AD95E93665B} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\ = "URL:Discord Protocol" C:\Windows\System32\reg.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1272 wrote to memory of 1224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 1224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1272 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winderbox.pl/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff808313cb8,0x7ff808313cc8,0x7ff808313cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7508 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.0.977972016\662465409" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2670af6b-963d-4796-84fb-96dbdcba07f5} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 1844 18dfee0e858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.1.427345566\1705487509" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2348 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcf3c97b-6610-4275-a1ad-7367e9824fec} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 2372 18df2185158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.2.788514245\1981153371" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2748 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc8dcb56-fbe4-4f6d-962b-657ae11560dd} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 2724 18d81aeee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.3.609404228\1603987739" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a399a6a-57fa-4c92-b7eb-3da14eb38f46} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 3592 18d84afcb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.4.1951567576\861683049" -childID 3 -isForBrowser -prefsHandle 5036 -prefMapHandle 5028 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {527f5c2c-7ae8-4c39-b8f5-aa23ecd3d948} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5048 18d86fcdb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.5.1987574149\1307553537" -childID 4 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c79b96a-d7e2-411e-9484-28cb84189a36} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5184 18df2140c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.6.1618339925\1216412294" -childID 5 -isForBrowser -prefsHandle 5404 -prefMapHandle 5412 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d8c2bd7-b23a-45d0-8040-fda2d5759555} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5364 18d870c5858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.7.409273395\1101180882" -childID 6 -isForBrowser -prefsHandle 5764 -prefMapHandle 2940 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc9ec7c8-4286-457d-81a6-ceb9b232b7ef} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5972 18d88d1f858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.8.1578528333\1121416091" -childID 7 -isForBrowser -prefsHandle 5112 -prefMapHandle 5088 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3e95684-6e96-401c-bec1-b7e7cb48abae} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5140 18d89858258 tab

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --squirrel-install 1.0.9148

C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9148 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x530,0x534,0x538,0x528,0x53c,0x7ff7d2d33108,0x7ff7d2d33114,0x7ff7d2d33120

C:\Users\Admin\AppData\Local\Discord\Update.exe

C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico

C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2128 --field-trial-handle=2132,i,214290154321868244,9658345176766784016,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2268 --field-trial-handle=2132,i,214290154321868244,9658345176766784016,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\",-1" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\" --url -- \"%1\"" /f
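The five reg.exe invocations above are the registry writes made during the Discord installation the sandbox observed (Update.exe --install, Discord.exe --squirrel-install and Update.exe --createShortcut are the Squirrel.Windows installer steps): one Run value that relaunches Update.exe from the user's profile, and the registration of a Discord: URL scheme whose handler is Discord.exe in the same profile directory. Whether those writes are benign hinges on whether C:\Users\Admin\Downloads\DiscordSetup.exe is the genuine installer; its digests are not listed in this section, so verify that file's signature rather than relying on the score alone. The following Python is an added example, not part of the report or of any sandbox vendor's code: it re-parses those command lines with Windows argv rules (shlex would mangle the unquoted backslashes), then flags Run/RunOnce values whose target lives in a user-writable directory and custom URL-scheme handler registrations. The REG_COMMANDS input is copied from the process list above; the USER_WRITABLE_MARKERS list is an assumption chosen for this example.

```python
# Added example (not from the report): parse the reg.exe commands listed above
# and flag the persistence and URL-protocol registrations they perform.
from typing import List, Optional

# Constructed input: the five reg.exe command lines copied from the process list above.
REG_COMMANDS = [
    r'C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f',
    r'C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f',
    r'C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f',
    r'C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\",-1" /f',
    r'C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\" --url -- \"%1\"" /f',
]
# Assumed path fragments an unprivileged user can write to: a Run entry pointing
# here can be swapped for another binary without admin rights.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\", "\\downloads\\")

def win_split(cmdline: str) -> List[str]:
    """Split like CommandLineToArgvW: backslashes are literal unless they precede
    a double quote; 2n+1 backslashes before a quote give n backslashes plus a literal quote."""
    args, cur, in_quotes, has_token, i = [], [], False, False, 0
    while i < len(cmdline):
        c = cmdline[i]
        if c == "\\":
            j = i
            while j < len(cmdline) and cmdline[j] == "\\":
                j += 1
            run = j - i
            if j < len(cmdline) and cmdline[j] == '"':
                cur.append("\\" * (run // 2))
                if run % 2:                      # escaped literal quote
                    cur.append('"')
                    j += 1
            else:
                cur.append("\\" * run)
            has_token, i = True, j
        elif c == '"':
            in_quotes, has_token, i = not in_quotes, True, i + 1
        elif c in " \t" and not in_quotes:
            if has_token:
                args.append("".join(cur))
                cur, has_token = [], False
            i += 1
        else:
            cur.append(c)
            has_token, i = True, i + 1
    if has_token:
        args.append("".join(cur))
    return args

def parse_reg_add(cmdline: str) -> Optional[dict]:
    """Return {'key', 'value', 'data'} for a 'reg add' command line, else None.
    /ve (the key's default value) is reported as value ''."""
    argv = win_split(cmdline)
    if len(argv) < 3 or not argv[0].lower().endswith("reg.exe") or argv[1].lower() != "add":
        return None
    entry = {"key": argv[2], "value": None, "data": None}
    i = 3
    while i < len(argv):
        opt = argv[i].lower()
        if opt == "/ve":
            entry["value"] = ""
        elif opt in ("/v", "/d", "/t", "/s") and i + 1 < len(argv):
            i += 1
            if opt == "/v":
                entry["value"] = argv[i]
            elif opt == "/d":
                entry["data"] = argv[i]
        i += 1
    return entry

def image_path(data: str) -> str:
    """Executable path at the start of a command string, honouring a quoted path."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split()[0] if data else ""

def is_user_writable(path: str) -> bool:
    return any(m in path.lower() for m in USER_WRITABLE_MARKERS)

def triage_reg_commands(cmdlines) -> List[dict]:
    """Findings: Run/RunOnce values, 'URL Protocol' flags and scheme handlers."""
    findings = []
    for line in cmdlines:
        e = parse_reg_add(line)
        if e is None:
            continue
        key = e["key"].lower()
        if key.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            img = image_path(e["data"] or "")
            findings.append({"kind": "run_key", "value": e["value"], "image": img,
                             "user_writable": is_user_writable(img), "cmd": line})
        elif "\\classes\\" in key:
            scheme = e["key"][key.index("\\classes\\") + 9:].split("\\")[0]
            if (e["value"] or "").lower() == "url protocol":
                findings.append({"kind": "url_protocol", "scheme": scheme, "cmd": line})
            elif key.endswith("\\shell\\open\\command"):
                img = image_path(e["data"] or "")
                findings.append({"kind": "protocol_handler", "scheme": scheme, "image": img,
                                 "user_writable": is_user_writable(img), "cmd": line})
    return findings

if __name__ == "__main__":
    for f in triage_reg_commands(REG_COMMANDS):
        print(f["kind"], {k: v for k, v in f.items() if k != "cmd"})
```

Run against the five commands it reports one run_key finding (value Discord, image Update.exe under AppData\Local, user-writable), one url_protocol registration for the Discord scheme, and one protocol_handler whose image is also under AppData\Local. A protocol handler in a user-writable directory matters for the same reason the Run value does: anything that can write to that directory controls what a discord: link launches. The parser is generic, so the same function can be pointed at every reg.exe line in a larger process list.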

Network

Country Destination Domain Proto
US 8.8.8.8:53 winderbox.pl udp
US 8.8.8.8:53 winderbox.pl udp
US 172.67.181.166:443 winderbox.pl tcp
US 172.67.181.166:443 winderbox.pl tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
GB 191.101.209.39:80 tcp
GB 191.101.209.39:80 tcp
GB 191.101.209.39:80 tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
IE 20.190.159.71:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 2.22.144.11:443 aefd.nelreports.net tcp
US 2.22.144.11:443 aefd.nelreports.net udp
GB 35.214.52.246:443 quantpie.co.uk tcp
GB 35.214.52.246:443 quantpie.co.uk tcp
GB 35.214.52.246:443 quantpie.co.uk tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 151.101.1.91:443 www.wikihow.com udp
FR 142.250.201.162:443 googleads.g.doubleclick.net tcp
PL 18.244.102.107:443 c.aps.amazon-adsystem.com tcp
FR 172.217.20.196:443 www.google.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.201.162:443 googleads.g.doubleclick.net tcp
FR 142.250.179.110:443 encrypted-tbn0.gstatic.com tcp
FR 142.250.201.162:443 googleads.g.doubleclick.net udp
PL 18.66.233.67:443 config.aps.amazon-adsystem.com tcp
PL 18.244.149.66:443 c.amazon-adsystem.com tcp
PL 18.244.149.66:443 c.amazon-adsystem.com tcp
FR 142.250.179.78:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 107.102.244.18.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 90.102.244.18.in-addr.arpa udp
DE 184.30.211.26:443 secure.cdn.fastclick.net tcp
FR 142.250.179.78:443 fundingchoicesmessages.google.com udp
US 34.202.202.73:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
PL 18.244.146.68:443 tags.crwdcntrl.net tcp
PL 18.244.146.68:443 tags.crwdcntrl.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
BE 23.14.90.88:80 apps.identrust.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
PL 18.244.109.225:443 cdn.prod.uidapi.com tcp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
US 35.190.39.111:443 esp.rtbhouse.com tcp
IE 34.246.197.125:443 bcp.crwdcntrl.net tcp
PL 18.244.95.68:443 aax.amazon-adsystem.com tcp
IE 34.246.197.125:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 wikihow-d.openx.net udp
DE 141.95.33.120:443 id5-sync.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
PL 18.244.102.54:443 hb.yellowblue.io tcp
US 35.244.159.8:443 wikihow-d.openx.net tcp
DE 18.194.121.118:443 btlr.sharethrough.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
NL 178.250.1.8:443 grid.bidswitch.net tcp
IE 54.170.43.5:443 ads.yieldmo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 34.120.63.153:443 prebid.media.net tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
FR 172.217.20.196:443 www.google.com udp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
FR 216.58.214.161:443 992d907255b5c149856ac76ecea24a76.safeframe.googlesyndication.com tcp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 5.43.170.54.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 54.102.244.18.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 161.214.58.216.in-addr.arpa udp
US 151.101.0.176:443 checkout.stripe.com tcp
PL 18.244.146.120:443 m.stripe.network tcp
IE 34.241.202.139:443 api.stripe.com tcp
FR 172.217.20.195:443 www.recaptcha.net tcp
US 151.101.0.176:443 checkout.stripe.com tcp
FR 172.217.20.195:443 www.recaptcha.net udp
US 198.202.176.201:443 merchant-ui-api.stripe.com tcp
US 54.187.119.242:443 r.stripe.com tcp
US 54.187.119.242:443 r.stripe.com tcp
US 54.187.119.242:443 r.stripe.com tcp
US 54.187.119.242:443 r.stripe.com tcp
US 54.187.119.242:443 r.stripe.com tcp
US 54.187.119.242:443 r.stripe.com tcp
US 54.187.119.242:443 r.stripe.com tcp
US 52.11.91.164:443 m.stripe.com tcp
PL 18.244.102.74:443 b.stripecdn.com tcp
US 104.19.230.21:443 api.hcaptcha.com tcp
US 198.202.176.201:443 merchant-ui-api.stripe.com tcp
US 198.137.150.81:443 checkout-cookies.link.com tcp
US 198.137.150.201:443 checkout-cookies.stripe.com tcp
PL 18.66.231.215:443 d1wqzb5bdbcre6.cloudfront.net tcp
PL 18.66.231.215:443 d1wqzb5bdbcre6.cloudfront.net tcp
US 198.137.150.11:443 payments.stripe.com tcp
US 198.202.176.211:443 files.stripe.com tcp
US 151.101.2.133:443 api.cash.app tcp
US 151.101.2.133:443 api.cash.app tcp
GB 184.25.204.33:443 tcp
NL 23.62.61.99:443 r.bing.com tcp
NL 23.62.61.99:443 r.bing.com tcp
NL 23.62.61.99:443 r.bing.com tcp
NL 23.62.61.99:443 r.bing.com tcp
NL 23.62.61.99:443 r.bing.com tcp
NL 23.62.61.99:443 r.bing.com tcp
US 20.189.173.9:443 browser.pipe.aria.microsoft.com tcp
N/A 127.0.0.1:50827 tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.120.5.221:443 prod.pocket.prod.cloudops.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 44.232.194.163:443 shavar.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net udp
N/A 127.0.0.1:50834 tcp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
FR 172.217.20.174:443 youtube-ui.l.google.com tcp
FR 172.217.20.174:443 youtube-ui.l.google.com udp
FR 142.250.179.110:443 youtube-ui.l.google.com tcp
FR 142.250.179.110:443 youtube-ui.l.google.com tcp
FR 142.250.179.110:443 youtube-ui.l.google.com tcp
FR 142.250.179.110:443 youtube-ui.l.google.com udp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com udp
US 104.18.34.227:443 cdn.prod.website-files.com tcp
US 104.18.34.227:443 cdn.prod.website-files.com tcp
US 104.18.34.227:443 cdn.prod.website-files.com tcp
FR 172.217.20.170:443 ajax.googleapis.com tcp
FR 172.217.20.170:443 ajax.googleapis.com tcp
US 104.18.5.175:443 global.localizecdn.com tcp
PL 18.244.96.92:443 d3e54v103j8qbb.cloudfront.net tcp
US 104.18.34.227:443 cdn.prod.website-files.com udp
FR 172.217.20.170:443 ajax.googleapis.com udp
US 104.18.5.175:443 global.localizecdn.com udp
PL 108.138.51.120:443 d1r5qv5z4elg7c.cloudfront.net tcp
PL 108.138.51.120:443 d1r5qv5z4elg7c.cloudfront.net tcp
PL 108.138.51.120:443 d1r5qv5z4elg7c.cloudfront.net tcp
PL 108.138.51.120:443 d1r5qv5z4elg7c.cloudfront.net tcp
PL 108.138.51.120:443 d1r5qv5z4elg7c.cloudfront.net tcp
PL 108.138.51.120:443 d1r5qv5z4elg7c.cloudfront.net tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
FR 142.250.179.110:443 youtube-ui.l.google.com tcp
FR 142.250.179.110:443 youtube-ui.l.google.com udp
US 35.186.247.156:443 sentry.io tcp
US 35.186.247.156:443 sentry.io udp
US 104.18.48.115:443 dl.discordapp.net tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
FR 142.250.178.142:443 youtube-ui.l.google.com tcp
FR 142.250.178.142:443 youtube-ui.l.google.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
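Reading the table above by hand hides a few things worth pulling out: two destinations have no hostname recorded (191.101.209.39:80, contacted three times, and 184.25.204.33:443), three distinct destinations are reached over plaintext HTTP, and the *.in-addr.arpa queries are reverse lookups for addresses the run had already contacted (1.80.190.35.in-addr.arpa decodes to 35.190.80.1, the a.nel.cloudflare.com row). The following Python is an added example, not part of the report: it parses rows in the table's own layout, decodes the reverse lookups and cross-references them against the forward connections, and buckets destinations into unresolved, plaintext, loopback and multicast. The embedded rows are a constructed subset copied from the table above.

```python
# Added example (not from the report): triage the flattened network table above.
# Rows are "Country Destination Domain Proto"; Domain is absent when the sandbox
# recorded no DNS name for that connection.
import ipaddress
from collections import Counter, defaultdict

# Constructed input: a representative subset of rows copied from the table above.
NETWORK_ROWS = """\
US 8.8.8.8:53 winderbox.pl udp
US 172.67.181.166:443 winderbox.pl tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
GB 191.101.209.39:80 tcp
GB 191.101.209.39:80 tcp
BE 23.14.90.88:80 apps.identrust.com tcp
GB 184.25.204.33:443 tcp
N/A 127.0.0.1:50827 tcp
US 162.159.138.232:443 discord.com tcp
US 104.18.48.115:443 dl.discordapp.net tcp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
"""

def parse_rows(text: str) -> list:
    """One dict per row; 'domain' is None for rows with only country, dest, proto."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            (country, dest, proto), domain = parts, None
        else:
            continue
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows

def ptr_to_ip(name):
    """Decode a reverse-lookup name, e.g. 1.80.190.35.in-addr.arpa -> 35.190.80.1."""
    suffix = ".in-addr.arpa"
    if not name or not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None

def triage(rows: list) -> dict:
    """Bucket destinations the way an analyst wants to read them."""
    seen_ips = {r["ip"] for r in rows}
    rep = {"plaintext_http": set(), "no_hostname": set(), "loopback": set(),
           "multicast": set(), "reverse_lookups": {}, "dns_queries": Counter(),
           "by_domain": defaultdict(set)}
    for r in rows:
        addr = ipaddress.ip_address(r["ip"])
        dest = f"{r['ip']}:{r['port']}"
        if r["port"] == 53 and r["domain"]:
            rep["dns_queries"][r["domain"]] += 1
            ip = ptr_to_ip(r["domain"])
            if ip:
                # second element: was this address already contacted during the run?
                rep["reverse_lookups"][r["domain"]] = (ip, ip in seen_ips)
            continue
        if addr.is_loopback:
            rep["loopback"].add(dest)
        elif addr.is_multicast:
            rep["multicast"].add(dest)
        else:
            if r["port"] == 80:
                rep["plaintext_http"].add(dest)
            if r["domain"] is None:
                rep["no_hostname"].add(dest)
            else:
                rep["by_domain"][r["domain"]].add(dest)
    return rep

if __name__ == "__main__":
    rep = triage(parse_rows(NETWORK_ROWS))
    for bucket in ("no_hostname", "plaintext_http", "loopback", "multicast"):
        print(bucket, sorted(rep[bucket]))
    for name, (ip, known) in rep["reverse_lookups"].items():
        print("PTR", name, "->", ip, "(seen)" if known else "(not seen)")
```

The script only classifies; it does not say what 191.101.209.39 is. A missing domain means only that the sandbox did not tie a DNS answer to that socket, so pivot on the address (passive DNS, the HTTP requests in the capture) before treating it as command and control. The rows for 127.0.0.1 and 224.0.0.251:5353 are local IPC and mDNS and are separated out so they do not pad the count of unresolved destinations.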

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0c705388d79c00418e5c1751159353e3
SHA1 aaeafebce5483626ef82813d286511c1f353f861
SHA256 697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d
SHA512 c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

\??\pipe\LOCAL\crashpad_1272_UZMLLPNELJFSOHYY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0d84d1490aa9f725b68407eab8f0030e
SHA1 83964574467b7422e160af34ef024d1821d6d1c3
SHA256 40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e
SHA512 f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 15f819536754a2ecfaa5ec36773539d8
SHA1 457823c76de67b52c2af3ea5b776a55c9517d083
SHA256 1347bba7c05a41ddeb202ceeae5683eee34da2964ae4c1b8b5d1f5fffd997b4e
SHA512 c931d028e4684374029c1b1c24035b21d142c56cc7e3208762475bf42fe9df5ff6d0dbc4035244309d26e47d689c3dd17446762dac85a7587519aa5c3e64e6f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8066bfa945c2a7d2a5e99411e93172dc
SHA1 5988441698eecbf6d89a0d3ebb8509856493bbda
SHA256 14cc892dea5836e8ffdb8065b0aa1ad237b6f60304b76bb26d22d9fb83c146f5
SHA512 28cf65ba59216bed0629cd1a0d39a42f330e617eb4b2654a5b732f40c15a8e9a125ea3ebad4c6749458392c873846a9175d59f37ffbff163e6b1a62a46e93d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7c28a40243e7692d1118855e3b7ccd44
SHA1 33f1f5405273f58e8be98dad061d569a76220ee3
SHA256 31a41a3b28695fb300fd87df106f6cdafb299514be041ca7eb1dc025cc87c14a
SHA512 06b5f983f657feeffb81e47934779a065def6cbc1eddc5af0df3ee34c172a5613abef140bf33d325fa92383a499c200cb06d62cfeb4335824f6fc129837f2c0c
