Malware Analysis Report

2025-05-28 15:56

Sample ID 250518-m4z41sck2x
Target https://github.com/NebulaExplorer1/Discord-Token-Joiner
Tags
mercurialgrabber defense_evasion discovery stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/NebulaExplorer1/Discord-Token-Joiner was found to be: Known bad.

Malicious Activity Summary

mercurialgrabber defense_evasion discovery stealer

Mercurialgrabber family

Mercurial Grabber Stealer

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry

Legitimate hosting services abused for malware hosting/C2

Maps connected drives based on registry

Looks up external IP address via web service

Drops file in Windows directory

Browser Information Discovery

Enumerates system info in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

NTFS ADS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-18 11:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-18 11:01

Reported

2025-05-18 11:03

Platform

win11-20250502-en

Max time kernel

62s

Max time network

64s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NebulaExplorer1/Discord-Token-Joiner

Signatures

Mercurial Grabber Stealer

stealer mercurialgrabber

Mercurialgrabber family

mercurialgrabber

Looks for VirtualBox Guest Additions in registry

defense_evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A

Looks for VMWare Tools registry key

defense_evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | discord.com | N/A | N/A

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | ip4.seeip.org | N/A | N/A

Maps connected drives based on registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Browser Information Discovery

discovery

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133920397287676006" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-330179853-1108322181-418488014-1000\{67F7C5AE-8AB7-480E-9128-5CA663ADD948} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Discord-Token-Joiner-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 5208 wrote to memory of 5648 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5208 wrote to memory of 4896 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5208 wrote to memory of 4320 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5208 wrote to memory of 4272 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NebulaExplorer1/Discord-Token-Joiner

C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe

"C:\Users\Admin\Downloads\Discord-Token-Joiner-main\Discord-Token-Joiner-main\Preview.exe"

Network


Files
