ID: 184799 Sample Name: Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe Cookbook: default.jbs Time: 16:12:38 Date: 23/10/2019 Version: 28.0.0 Lapis Lazuli

Automated Malware Analysis Report for Guilded


Table of Contents

Analysis Report Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

Overview | General Information | Detection | Confidence | Classification | Analysis Advice | Mitre Att&ck Matrix | Signature Overview

AV Detection: | Spreading: | Networking: | Key, Mouse, Clipboard, Microphone and Screen Capturing: | System Summary: | Data Obfuscation: | Persistence and Installation Behavior: | Boot Survival: | Hooking and other Techniques for Hiding and Protection: | Malware Analysis System Evasion: | Anti Debugging: | HIPS / PFW / Operating System Protection Evasion: | Language, Device and Operating System Detection:

Behavior Graph | Simulations

Behavior and APIs | Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample | Dropped Files | Unpacked PE Files | Domains | URLs

Yara Overview | Initial Sample | PCAP (Network Traffic) | Dropped Files | Memory Dumps | Unpacked PEs

Joe Sandbox View / Context | IPs | Domains | ASN | JA3 Fingerprints | Dropped Files

Screenshots | Thumbnails

Startup | Created / dropped Files | Domains and IPs

Contacted Domains | URLs from Memory and Binaries | Contacted IPs | Public | Private

Static File Info | General | File Icon | Static PE Info

General

Copyright Joe Security LLC 2019 Page 2 of 218


Authenticode Signature | Entrypoint Preview | Rich Headers | Data Directories | Sections | Resources | Imports | Version Infos | Possible Origin

Network Behavior | Network Port Distribution | TCP Packets | UDP Packets | DNS Queries | DNS Answers | HTTPS Packets

Code Manipulations | Statistics

Behavior | System Behavior

Analysis Process: Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe PID: 3336 Parent PID: 4416 | General | File Activities

File Created | File Deleted | File Written | File Read

Registry Activities | Key Created | Key Value Created | Key Value Modified

Analysis Process: Guilded.exe PID: 3212 Parent PID: 3040 | General | File Activities

File Created | File Deleted | File Moved | File Written | File Read

Registry Activities | Key Created | Key Value Created | Key Value Modified

Analysis Process: Guilded.exe PID: 2824 Parent PID: 3212 | General | File Activities

File Created | File Read

Analysis Process: Guilded.exe PID: 888 Parent PID: 3212 | General | File Activities

File Created | File Written | File Read

Analysis Process: Guilded.exe PID: 4520 Parent PID: 3212 | General | File Activities

File Read

Analysis Process: cmd.exe PID: 3020 Parent PID: 3212 | General | File Activities

Analysis Process: conhost.exe PID: 3528 Parent PID: 3020 | General

Analysis Process: reg.exe PID: 3536 Parent PID: 3020 | General

Analysis Process: Guilded.exe PID: 2656 Parent PID: 3212 | General

Analysis Process: cmd.exe PID: 832 Parent PID: 3212 | General

Analysis Process: conhost.exe PID: 1708 Parent PID: 832 | General

Analysis Process: reg.exe PID: 5036 Parent PID: 832 | General


Analysis Process: Guilded.exe PID: 4888 Parent PID: 3040 | General

Analysis Process: Guilded.exe PID: 2052 Parent PID: 3040 | General

Analysis Process: Guilded.exe PID: 3960 Parent PID: 4888 | General

Analysis Process: Guilded.exe PID: 2172 Parent PID: 3212 | General

Analysis Process: Guilded.exe PID: 4948 Parent PID: 2052 | General

Analysis Process: Guilded.exe PID: 4748 Parent PID: 3212 | General

Analysis Process: Guilded.exe PID: 4924 Parent PID: 4888 | General

Analysis Process: cmd.exe PID: 4332 Parent PID: 3212 | General

Analysis Process: conhost.exe PID: 3580 Parent PID: 4332 | General

Analysis Process: reg.exe PID: 2572 Parent PID: 4332 | General

Analysis Process: Guilded.exe PID: 4624 Parent PID: 2052 | General

Disassembly | Code Analysis


Analysis Report Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli

Analysis ID: 184799

Start date: 23.10.2019

Start time: 16:12:38

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 20m 47s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

Cookbook file name: default.jbs

Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

Number of analysed new started processes analysed: 36

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled

Analysis stop reason: Timeout

Detection: SUS

Classification: sus39.winEXE@39/90@15/13

EGA Information: Failed

HDC Information: Failed

HCA Information: Failed

Cookbook Comments: Adjust boot time; Enable AMSI; Found application associated with file extension: .exe


Warnings:

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.

TCP Packets have been reduced to 100

Exclude process from analysis (whitelisted): dllhost.exe, TiWorker.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe, svchost.exe, TrustedInstaller.exe

Excluded IPs from analysis (whitelisted): 104.90.145.230, 23.0.174.185, 23.0.174.200, 205.185.216.42, 205.185.216.10, 40.90.137.124, 40.90.23.154, 40.90.23.208, 72.21.91.29

Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, 2-01-3cf7-0009.cdx.cedexis.net, download.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, a767.dspw65.akamai.net, vs.login.msa.akadns6.net, cdn.onenote.net.edgekey.net, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, login.live.com, e1553.dspg.akamaiedge.net, login.msa.akadns6.net

Report size exceeded maximum capacity and may have missing behavior information.

Report size getting too big, too many NtAllocateVirtualMemory calls found.

Report size getting too big, too many NtDeviceIoControlFile calls found.

Report size getting too big, too many NtOpenKeyEx calls found.

Report size getting too big, too many NtProtectVirtualMemory calls found.

Report size getting too big, too many NtQueryValueKey calls found.

Report size getting too big, too many NtSetInformationFile calls found.

Detection

| Strategy | Score | Range | Reporting Whitelisted | Detection |
|---|---|---|---|---|
| Threshold | 39 | 0 - 100 | false | |

Confidence

| Strategy | Score | Range | Further Analysis Required? | Confidence |
|---|---|---|---|---|
| Threshold | 0 | 0 - 5 | true | |

Classification

[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean, suspicious, malicious]

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior

Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Sample searches for specific file, try point organization specific fake files to the analysis machine

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Command-Line Interface 1 1 | Startup Items 1 | Startup Items 1 | Modify Registry 1 | Input Capture 1 1 | Query Registry 1 1 | Application Deployment Software | Input Capture 1 1 | Data Encrypted 1 | Standard Cryptographic Protocol 2 |
| Replication Through Removable Media | Service Execution | Registry Run Keys / Startup Folder 1 1 | Process Injection 1 | Process Injection 1 | Network Sniffing | Process Discovery 1 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Non-Application Layer Protocol 2 |
| Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | DLL Side-Loading 1 | Input Capture | Security Software Discovery 1 1 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Application Layer Protocol 2 |
| Exploit Public-Facing Application | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information | Credentials in Files | Remote System Discovery 1 | Logon Scripts | Input Capture | Data Encrypted | Multiband Communication |
| Spearphishing Link | Command-Line Interface | Shortcut Modification | File System Permissions Weakness | Masquerading | Account Manipulation | File and Directory Discovery 1 1 | Shared Webroot | Data Staged | Scheduled Transfer | Standard Cryptographic Protocol |
| Spearphishing Attachment | Graphical User Interface | Modify Existing Service | New Service | DLL Search Order Hijacking | Brute Force | System Information Discovery 2 | Third-party Software | Screen Capture | Data Transfer Size Limits | Commonly Used Port |

Signature Overview

• AV Detection

• Spreading

• Networking

• Key, Mouse, Clipboard, Microphone and Screen Capturing

• System Summary

• Data Obfuscation

• Persistence and Installation Behavior

• Boot Survival

• Hooking and other Techniques for Hiding and Protection

• Malware Analysis System Evasion

• Anti Debugging

• HIPS / PFW / Operating System Protection Evasion

• Language, Device and Operating System Detection


AV Detection:

Antivirus or Machine Learning detection for dropped file

Spreading:

Enumerates the file system

Networking:

IP address seen in connection with other malware

Connects to IPs without corresponding DNS lookups

Found strings which match to known social media urls

Performs DNS lookups

Urls found in memory or binary data

Uses HTTPS

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a raw input device (often for capturing keystrokes)

System Summary:


Creates mutexes

Enables security privileges

PE file contains strange resources

Reads the hosts file

Sample file is different than original file name gathered from version info

Sample reads its own file content

Tries to load missing DLLs

Uses reg.exe to modify the Windows registry

Classification label

Creates files inside the user directory

Creates temporary files

PE file has an executable .text section and no other executable section

Reads ini files

Reads software policies

Spawns processes

Uses an in-process (OLE) Automation server

Creates a software uninstall entry

PE file has a valid certificate

Submission file is bigger than most known malware samples

Contains modern PE file flags such as dynamic base (ASLR) or NX

Binary contains paths to debug symbols

Data Obfuscation:

PE file contains an invalid checksum

Persistence and Installation Behavior:

Uses cmd line tools excessively to alter registry or file data

Drops PE files

Creates license or readme file

Boot Survival:

Stores files to the Windows start menu directory

Creates an autostart registry key

Hooking and other Techniques for Hiding and Protection:

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Disables application error messages (SetErrorMode)

Malware Analysis System Evasion:

Checks the free space of harddrives

Enumerates the file system

Found dropped PE file which has not been started or loaded

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Queries a list of all running processes

Anti Debugging:

Checks if the current process is being debugged

HIPS / PFW / Operating System Protection Evasion:


Creates a process in suspended mode (likely to inject code)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Queries the cryptographic machine GUID

Behavior Graph

[Behavior graph: ID 184799; Sample: Guilded-Win_v_a5162ea0f0da8...; Startdate: 23/10/2019; Architecture: WINDOWS; Score: 39. Labelled signatures: "Antivirus or Machine Learning detection for dropped file", "Uses cmd line tools excessively to alter registry or file data". Dropped PE32 files shown: C:\Users\user\AppData\...\SnoreToast.exe, C:\Users\user\AppData\Local\...\installer.exe, C:\Users\user\AppData\Local\...\nsis7z.dll, plus 13 other files (none is malicious).]

Simulations

Behavior and APIs

| Time | Type | Description |
|---|---|---|
| 16:15:42 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run electron.app.Guilded C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe |
| 16:15:52 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run electron.app.Guilded C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe |

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\SnoreToast.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Programs\Guilded\d3dcompiler_47.dll | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Local\Programs\Guilded\d3dcompiler_47.dll | 0% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Programs\Guilded\swiftshader\libEGL.dll | 0% | Virustotal | | Browse |

Unpacked PE Files

No Antivirus matches

Domains

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| cdn.onenote.net | 1% | Virustotal | | Browse |

URLs

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://standardjs.com) | 0% | Avira URL Cloud | safe | |
| modp.com/release/base64 | 0% | Virustotal | | Browse |
| modp.com/release/base64 | 0% | Avira URL Cloud | safe | |
| exslt.org/common | 0% | Virustotal | | Browse |
| exslt.org/common | 0% | URL Reputation | safe | |
| narwhaljs.org) | 0% | Avira URL Cloud | safe | |
| istanbul-js.org/ | 0% | Virustotal | | Browse |
| istanbul-js.org/ | 0% | Avira URL Cloud | safe | |
| lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt | 0% | Virustotal | | Browse |
| lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt | 0% | Avira URL Cloud | safe | |
| html4/loose.dtd | 0% | Avira URL Cloud | safe | |
| harfbuzz.org | 0% | Virustotal | | Browse |
| harfbuzz.org | 0% | Avira URL Cloud | safe | |
| peter.michaux.ca/articles/lazy-function-definition-pattern) | 0% | Avira URL Cloud | safe | |
| publicsuffix.org | 0% | Virustotal | | Browse |
| publicsuffix.org | 0% | Avira URL Cloud | safe | |
| mths.be/fromcodepoint | 0% | Virustotal | | Browse |
| mths.be/fromcodepoint | 0% | Avira URL Cloud | safe | |
| https://crbug.com/v8/8520 | 0% | Virustotal | | Browse |
| https://crbug.com/v8/8520 | 0% | Avira URL Cloud | safe | |
| hyperelliptic.org/tanja | 0% | Virustotal | | Browse |
| hyperelliptic.org/tanja | 0% | Avira URL Cloud | safe | |
| pajhome.org.uk/crypt/md5 | 0% | Virustotal | | Browse |
| pajhome.org.uk/crypt/md5 | 0% | URL Reputation | safe | |
| https://dejavu-fonts.github.io/Download.html | 0% | Virustotal | | Browse |
| https://dejavu-fonts.github.io/Download.html | 0% | Avira URL Cloud | safe | |
| juliangruber.com | 0% | Virustotal | | Browse |
| juliangruber.com | 0% | Avira URL Cloud | safe | |
| .jpg | 0% | Avira URL Cloud | safe | |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 35.188.42.15 | danlin.in.net/G5?POP!= | Get hash | malicious | Browse | |
| | https://asafetyconcept.icu/oned/xb/ | Get hash | malicious | Browse | |
| | Ada_com.ada.app_1551250000_2.18.0_.apk | Get hash | malicious | Browse | |
| 107.178.240.159 | Secure VPN.apk | Get hash | malicious | Browse | |
| | docu-signen.dynu.net/ | Get hash | malicious | Browse | |
| | https://decosurfaceslaval.egnyte.com/dl/t3bwNmJihw | Get hash | malicious | Browse | |
| | https://flexgreenlight.egnyte.com/dl/G1BEXxPebE | Get hash | malicious | Browse | |
| | https://seginidulu.com/wpgg/gig/Signdrivmt-3556710u91i50j69i57o69i60l33222r01&fieldeourcids/ | Get hash | malicious | Browse | |
| | spsetup132.exe | Get hash | malicious | Browse | |
| | https://ssactivewears.egnyte.com/dl/ASr14nb9fP | Get hash | malicious | Browse | |
| | VpnInstaller.exe | Get hash | malicious | Browse | |
| | Report From Fax.htm | Get hash | malicious | Browse | |

Domains

| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| api.mixpanel.com | dfsetup222.exe | Get hash | malicious | Browse | 35.186.241.51 |
| | Audio_Instruction_Eccalon.com.pdf | Get hash | malicious | Browse | 35.186.241.51 |
| | Secure VPN.apk | Get hash | malicious | Browse | 35.190.25.25 |
| | docu-signen.dynu.net/ | Get hash | malicious | Browse | 107.178.240.159 |
| | Hexatech VPN.apk | Get hash | malicious | Browse | 35.190.25.25 |
| | https://decosurfaceslaval.egnyte.com/dl/t3bwNmJihw | Get hash | malicious | Browse | 107.178.240.159 |
| | https://decosurfaceslaval.egnyte.com/dl/6ukKT4NiWs | Get hash | malicious | Browse | 35.190.25.25 |
| | https://flexgreenlight.egnyte.com/dl/G1BEXxPebE | Get hash | malicious | Browse | 130.211.34.183 |
| | https://flexgreenlight.egnyte.com/dl/G1BEXxPebE | Get hash | malicious | Browse | 35.190.25.25 |
| | https://flexgreenlight.egnyte.com/dl/G1BEXxPebE | Get hash | malicious | Browse | 130.211.34.183 |
| | https://flexgreenlight.egnyte.com/dl/G1BEXxPebE | Get hash | malicious | Browse | 107.178.240.159 |
| | https://ovastor.egnyte.com/dl/RjCuhHb7ef | Get hash | malicious | Browse | 35.190.25.25 |
| | www.undergraduatelibrary.org/profiles/[email protected] | Get hash | malicious | Browse | 35.186.241.51 |
| | https://comcast.showpad.com/share/ZEFyQMfMzr3TN05R9MXk8 | Get hash | malicious | Browse | 130.211.34.183 |
| | https://seginidulu.com/wpgg/gig/Signdrivmt-3556710u91i50j69i57o69i60l33222r01&fieldeourcids/ | Get hash | malicious | Browse | 107.178.240.159 |
| | https://seginidulu.com/wpgg/gig/Signdrivmt-3556710u91i50j69i57o69i60l33222r01&fieldeourcids/ | Get hash | malicious | Browse | 35.190.25.25 |
| | spsetup132.exe | Get hash | malicious | Browse | 107.178.240.159 |
| | https://ssactivewears.egnyte.com/dl/ASr14nb9fP | Get hash | malicious | Browse | 107.178.240.159 |
| | https://ssactivewears.egnyte.com/dl/ASr14nb9fP | Get hash | malicious | Browse | 35.186.241.51 |
| | https://bobwagner.egnyte.com/dl/OW1KEYe5i4 | Get hash | malicious | Browse | 130.211.34.183 |
| sentry.io | danlin.in.net/G5?POP!= | Get hash | malicious | Browse | 35.188.42.15 |
| | https://asafetyconcept.icu/oned/xb/ | Get hash | malicious | Browse | 35.188.42.15 |
| | Ada_com.ada.app_1551250000_2.18.0_.apk | Get hash | malicious | Browse | 35.188.42.15 |

ASN

| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| unknown | www.kaanmed.com.tr/en/wp-content/WYdgTaSsr/ | Get hash | malicious | Browse | 181.197.2.80 |
| | Nuovo_40.doc | Get hash | malicious | Browse | 185.189.151.22 |
| | www.kaanmed.com.tr/en/wp-content/WYdgTaSsr/ | Get hash | malicious | Browse | 181.197.2.80 |
| | Nuovo_40.doc | Get hash | malicious | Browse | 185.189.151.22 |
| | themesloada.exe | Get hash | malicious | Browse | 74.208.68.48 |
| | 421.exe | Get hash | malicious | Browse | 186.0.95.172 |
| | PI.xlsx | Get hash | malicious | Browse | 151.80.8.7 |
| | Invoice_INVUS710601.pdf | Get hash | malicious | Browse | 3.3.0.2 |
| | toutsurimmo.com/check/ | Get hash | malicious | Browse | 172.217.22.226 |
| | https://od.lk/f/MTVfMTQyNDEwMzBf | Get hash | malicious | Browse | 104.19.195.151 |
| | https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fod.lk%2Ff%2FMTVfMTQyNDEwMzBf&data=02%7C01%7Cjfriedman%40cgsinc.com%7Ca8dad99a72d5475342d408d7158b7a64%7C0d1ddb6a0fe849d19be97d917d9b18b7%7C0%7C1%7C637001561633158924&sdata=7kT7CkY4wUxwPlJtlvoWb%2BqL43B1NO5n6rpHK3I%2Fw78%3D&reserved=0 | Get hash | malicious | Browse | 172.217.22.226 |
| | MFC42u.dll | Get hash | malicious | Browse | 2.21.140.74 |
| | https://8raboalert.com/bankpas | Get hash | malicious | Browse | 190.14.37.150 |
| | 20191008387733.htm | Get hash | malicious | Browse | 166.62.10.51 |
| | jobmalawi.com/nn/kk.txt | Get hash | malicious | Browse | 202.87.31.222 |
| | IMG_17410733319PK.exe | Get hash | malicious | Browse | 194.5.99.55 |
| | https://storage.googleapis.com/facebook-account-is-blocked/facebook-verified.html?1918422176388451619904 | Get hash | malicious | Browse | 172.217.22.206 |
| | 2019-10-21-Trickbot-gtag-mor27-retreived-by-Emotet-infected-host.exe | Get hash | malicious | Browse | 187.58.56.26 |
| | Fattura Pagamento N doc 0016.xls | Get hash | malicious | Browse | 185.212.44.189 |
| | NWYDQNl2.exe | Get hash | malicious | Browse | 47.74.208.138 |

JA3 Fingerprints

No context

Dropped Files

| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\SpiderBanner.dll | XMind-ZEN-Update-2019-for-Windows-64bit-9.2.1-201906120058.exe | Get hash | malicious | Browse | |

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup

System is w10x64

Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe (PID: 3336 cmdline: 'C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe' MD5:

2B957878EF2B321086B0D4F520EA4383)Guilded.exe (PID: 3212 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' MD5: C977E562267A016639C757CF82A38F6D)

Guilded.exe (PID: 2824 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=gpu-process --field-trial-handle=1728,10815023912630156839,16051

418799537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=3828075260392862811 --mojo-platform-channel-handle=1752 --ignored=' --type=renderer ' /prefetch:2 MD5: C977E562267A016639C757CF82A38F6D)

Guilded.exe (PID: 888 cmdline: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe --no-rate-limit --no-upload-gzip --type=crash-handler '--crashes-directory=C:\Users

\user\AppData\Local\Temp\Guilded Crashes' '--database=C:\Users\user\AppData\Local\Temp\Guilded Crashes' '--metrics-dir=C:\Users\user\AppData\Local\Temp\Guilded Crashes' --initial-client-data=0x934,0x914,0xb94,0x990,0xb98,0x145c524d8,0x145c524e8,0x145c524f8 MD5: C977E562267A016639C757CF82A38F6D)

Guilded.exe (PID: 4520 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=renderer --field-trial-handle=1728,10815023912630156839,16051418

799537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar' --enable-plugins --node-integration --no-sandbox --no-zygote --background-color=#00FFFFFF --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9992040580958664645 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1 MD5: C977E562267A016639C757CF82A38F6D)

cmd.exe (PID: 3020 cmdline: C:\Windows\system32\cmd.exe /d /s /c '%windir%\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v

MachineGuid' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)conhost.exe (PID: 3528 cmdline: C:\Windows\system32\conhost.exe 0x4 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

reg.exe (PID: 3536 cmdline: C:\Windows\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid MD5:

E3DACF0B31841FA02064B4457D44B357)Guilded.exe (PID: 2656 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=gpu-process --field-trial-handle=1728,10815023912630156839,16051

418799537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=17680003858392036450 --mojo-platform-channel-handle=2984 /prefetch:2 MD5: C977E562267A016639C757CF82A38F6D)

cmd.exe (PID: 832 cmdline: C:\Windows\system32\cmd.exe /d /s /c '%windir%\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v

MachineGuid' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)conhost.exe (PID: 1708 cmdline: C:\Windows\system32\conhost.exe 0x4 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

reg.exe (PID: 5036 cmdline: C:\Windows\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid MD5:

E3DACF0B31841FA02064B4457D44B357)Guilded.exe (PID: 2172 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=renderer --field-trial-handle=1728,10815023912630156839,16051418

799537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar' --enable-plugins --node-integration --no-sandbox --no-zygote --preload='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar\preload.js' --background-color=#212124 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17956803505755404334 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1 MD5: C977E562267A016639C757CF82A38F6D)

Guilded.exe (PID: 4748 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=utility --field-trial-handle=1728,10815023912630156839,160514187

99537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --no-sandbox --service-request-channel-token=2573616115676272192 --mojo-platform-channel-handle=3752 /prefetch:8 MD5: C977E562267A016639C757CF82A38F6D)

cmd.exe (PID: 4332 cmdline: C:\Windows\system32\cmd.exe /d /s /c '%windir%\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v

MachineGuid' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)conhost.exe (PID: 3580 cmdline: C:\Windows\system32\conhost.exe 0x4 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

reg.exe (PID: 2572 cmdline: C:\Windows\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid MD5:

E3DACF0B31841FA02064B4457D44B357)Guilded.exe (PID: 4888 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' MD5: C977E562267A016639C757CF82A38F6D)

Guilded.exe (PID: 3960 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=gpu-process --field-trial-handle=1744,5573674308552818754,128364

52795403766593,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=9207653285252888424 --mojo-platform-channel-handle=1776 --ignored=' --type=renderer ' /prefetch:2 MD5: C977E562267A016639C757CF82A38F6D)

Guilded.exe (PID: 4924 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=renderer --field-trial-handle=1744,5573674308552818754,12836452795403766593,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar' --enable-plugins --node-integration --no-sandbox --no-zygote --background-color=#00FFFFFF --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5957444724175207007 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1 MD5: C977E562267A016639C757CF82A38F6D)

Guilded.exe (PID: 2052 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' MD5: C977E562267A016639C757CF82A38F6D)

Guilded.exe (PID: 4948 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=gpu-process --field-trial-handle=1720,3612721374803848552,5644943552135916724,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=415695429432039378 --mojo-platform-channel-handle=1732 --ignored=' --type=renderer ' /prefetch:2 MD5: C977E562267A016639C757CF82A38F6D)

Guilded.exe (PID: 4624 cmdline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=renderer --field-trial-handle=1720,3612721374803848552,5644943552135916724,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar' --enable-plugins --node-integration --no-sandbox --no-zygote --background-color=#00FFFFFF --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11502117636683457093 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1 MD5: C977E562267A016639C757CF82A38F6D)

cleanup

Created / dropped Files

C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32+ executable (GUI) x86-64, for MS Windows

Size (bytes): 99935952

Entropy (8bit): 6.681898049050364

Encrypted: false

MD5: C977E562267A016639C757CF82A38F6D

SHA1: DF5BF8579BC18249391C9FD30741541117EF7032

SHA-256: 4A8472C591C5C9F3C91BB3A68CD09F6AB442FC7FB5B457F5BB939E6243B205CF

SHA-512: 967D6CC13AA28B58B580F4D58D583AEA7A493904B9F14E978DA56F8EB180BD242230CB421CA250BBE1EE4FA25717248CAE43AC41F44FA54D5D0F3D77A1140493

Malicious: false

C:\Users\user\AppData\Local\Programs\Guilded\LICENSE.electron.txt

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

Size (bytes): 8549067

Entropy (8bit): 6.470341500319728

Encrypted: false

MD5: 0ED1A2874BF19006B64452B544183418

SHA1: 4D07679FA4D5FD993BAAFB2B9A554BA1630E4955

SHA-256: 10150F22DCC3F5783FC6900B72DB66291E6C50261DA04F03461A7C1235DFC76E

SHA-512: 5991D8E531C26701E70F356202F3F1AFA821E2F663B4236D0AF266F4997324F1124EB650AA0F6D38EEF81E6B15BF8C2CC5685B8C27E06AE234D50411FC2E4572

Malicious: false

Preview:Copyright (c) 2013-2019 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION.WITH

C:\Users\user\AppData\Local\Programs\Guilded\Uninstall Guilded.exe

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Size (bytes): 171256

Entropy (8bit): 7.407918894368883

Encrypted: false

MD5: 648575739F312024C8367CC629EE3728

SHA1: 97951B2A70FA4FE394F4C3902C4A4CC6A43260C9

SHA-256: 22093BDE998918178B49DE48F6020A25619FEC1213EFFC35B10489CAEFC1679D

SHA-512: 0E3BF4004C7EBBC4B86CEA993713BB89791E694010F98368C75E9305A72A777412D48C3BBDA54188EE7CDF4A09E360C03D07761A84770509ADDB54B6FE43285B

Malicious: false

C:\Users\user\AppData\Local\Programs\Guilded\d3dcompiler_47.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows

Size (bytes): 4493352

Entropy (8bit): 6.380975419180188

Encrypted: false

MD5: 57D829F7D174D1A8067612C09CF6566B

SHA1: 79ED06500DCEE028885B00301F7A9A9155C69B62

SHA-256: DCA0CD7272A56801DD74D0B253DF33A8829BEE61F5FA0C6D8E2ED5B62F440DFF

SHA-512: 16936CE02B7445B56D67ADF43D896D2DD9BF1F713D5A765FE97C73C72F22EF8915372DD7B04CFDCFAD72447924B6E03D8AE0E0565927A2F862433B2860BCFD64

Malicious: false

Antivirus: Virustotal, Detection: 0%

Antivirus: Metadefender, Detection: 0%

C:\Users\user\AppData\Local\Programs\Guilded\ffmpeg.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows

Size (bytes): 2254336

Entropy (8bit): 6.5999703181464335

Encrypted: false

MD5: 6AEF31EC63ABB901343E36035058284B

SHA1: 69A714AB23A6ED9F95BC28D663C97EC1F7FAFEE9

SHA-256: DAF236ED469B62431A46E4D865FED074917444B44783F12D64214273E3EAE078

SHA-512: 2E25E556B31851FD9F8303DDE969070A17ECB8806B3B446C5230925FE83E57B6BE9D565C0D022A4DACE246322D9D5E3F6B48D2116895E19FCC56E8006EB0BDEB

Malicious: false

C:\Users\user\AppData\Local\Programs\Guilded\icudtl.dat

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: data

Size (bytes): 6215968

Entropy (8bit): 5.943737988138456

Encrypted: false

MD5: 8632528B17D6225890BC3771CAE69089

SHA1: FAE92B2D8223F01EC0146AE0B38CCD23D864D404

SHA-256: 05E51AEB0900109D8B1919C0F4879260FAB65C3E7395B784CF7166DBDDF26AFE

SHA-512: 3CD092555C5F15BA2FE83C03BF588B91C8342059C687AC4EB555A0399DA202C85C8B444AB21A667714680CF1898B5FBC5679FFBD1437B5C7F2996C8CEE2A52B5

Malicious: false

C:\Users\user\AppData\Local\Programs\Guilded\installer_user_data.dat

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: ASCII text, with no line terminators

Size (bytes): 50

Entropy (8bit): 4.383465189601647

Encrypted: false

MD5: 4FB3048162E7ED7098F0876997E313BE

SHA1: D46DC62692F32B10B8F3AC8C9722EB56C7D42803

SHA-256: 93CF8FE21634B2E8824237668E6D3D93B5361CA355E985144F4DB125E4E3C9F8

SHA-512: A39BDA1842866EC45A165D2D8C02EF6DF080BA1DD2E778601548A4F246B752A8B93C7AC094188D184FC8E1E6AD696CD7EDFE7EE18D31D5B0051AE1BCB9C79161

Malicious: false

Preview:Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

C:\Users\user\AppData\Local\Programs\Guilded\libGLESv2.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows

Size (bytes): 6979904

Entropy (8bit): 6.339169397434184

Encrypted: false

MD5: 32241AB2C1877C5C3C696D90A56F6592

SHA1: F081BE7AB4C2F3BD7BD5A28171D8A08B8BCFE187

SHA-256: FF2A00B4C45010BD0EC4A12C2EB144347E689DEC55162AAA03595D41F6E20A97

SHA-512: 5E11ADA7774FE6F6DA44CB76BCF38E6F97B0349A3D3E93F7ECC6176DCDABAEEEBF6CB0DE878DCEBD3FA9525DC556D499F36480BB46742863E7ACDB586FCC8554

Malicious: false

C:\Users\user\AppData\Local\Programs\Guilded\locales\am.pak

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: data

Size (bytes): 9799085

Entropy (8bit): 7.025978798656945

Encrypted: false

MD5: 5931DF1EAD2D9C11CFB13C91A78D8159

SHA1: 624230B9052EF96E49E745C9BE6CBF0E79A98B45

SHA-256: 6447BF62B78B076EB6AA13084E851A9A78321CC56516A2145A9A7E8D910A3EE1

SHA-512: 927EF16EBACB674D733B9D90D0AF18E3AB13A7B7017775F1CB09EA2674E19A9BF849F727BEB7F23E8E2663AF886CB9D9558A445B4F9C6BAF5FD143D3789982FA

Malicious: false

C:\Users\user\AppData\Local\Programs\Guilded\resources.pak

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators

Size (bytes): 4286024

Entropy (8bit): 5.460394192719324

Encrypted: false

MD5: 2BE983CD25DA5F47C91C7C5B28F63C46

SHA1: 8D720DCF37A5B4E78B9BE08F31838330C9272693

SHA-256: DB74AD3535D1845803223D729BD3AACFE327B4F40BB7A1DC9EB385237D55C358

SHA-512: 2D2E4E945046D6353ACE1FAA3E093C3D46EC5BF1E64BB40BB5F191520DA44A1A18D669ECF38F71FCA98AD9F87D06610D3038712E5F1173108735ED62266E4E4D

Malicious: false

Preview:{"name":"text-size-adjust","inherited":true},{"name":"text-transform","inherited":true},{"name":"text-underline-position","inherited":true},{"name":"top"},{"name":"touch-action"},{"name":"transform"},{"name":"transform-box"},{"name":"transform-origin"},{"name":"transform-style"},{"longhands":["transition-property","transition-duration","transition-timing-function","transition-delay"],"name":"transition"},{"name":"transition-delay"},{"name":"transition-duration"},{"name":"transition-property"},{"name":"transition-timing-function"},{"name":"translate"},{"name":"unicode-bidi"},{"name":"unicode-range"},{"name":"user-select","inherited":true},{"name":"user-zoom"},{"svg":true,"name":"vector-effect"},{"name":"vertical-align"},{"name":"viewport-fit"},{"name":"visibility","inherited":true},{"name":"white-space","inherited":true},{"name":"widows","inherited":true},{"name":"width"},{"name":"will-change"},{"name":"word-break","inherited":true},{"inherited":true,"name":"word-spacing"},{"name":"writ

C:\Users\user\AppData\Local\Programs\Guilded\resources\app-update.yml

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: data

Size (bytes): 4194451

Entropy (8bit): 5.576427899759072

Encrypted: false

MD5: 000DBFA2E676251A4423DA90E153FCC9

SHA1: FC46A243C433B7BCE4E6F7315167902D68822187

SHA-256: D859C7A1AAD0933CF23DFF2FA00294835A9F0F32DFFBFCCB5F6DF83B56895C70

SHA-512: FA2E597478EA610108BFB6C7CF4564E2E98954F053D0EA3AAB44A23DA0DDF7612BB1D693E1B3D96BCBD0C47BDF36DDA89329C40212BDAF53F114BC672AC10649

Malicious: false

Preview:provider: generic.url: 'https://www.guilded.gg/AppBuilds/win'.channel: release.updaterCacheDirName: guilded-updater.publisherName:. - GUILDED LLC.....Tp..Pp..Kp..{"files":{"electronappbackgroundworker.html":{"size":466,"offset":"0"},"installer.nsh":{"size":156,"offset":"466"},"main.js":{"size":972,"offset":"622"},"package.json":{"size":768,"offset":"1594"},"preload.js":{"size":101,"offset":"2362"},"electron":{"files":{"electronApp.js":{"size":594425,"offset":"2463"},"electronApp.js.map":{"size":2072075,"offset":"596888"},"electronAppBackgroundWorker.js":{"size":195072,"offset":"2668963"},"electronAppBackgroundWorker.js.map":{"size":777379,"offset":"2864035"},"electronAppLoader.js":{"size":104449,"offset":"3641414"},"electronAppLoader.js.map":{"size":345482,"offset":"3745863"}}},"asset":{"files":{"DmgBackground.png":{"size":30124,"offset":"4091345"},"[email protected]":{"size":99596,"offset":"4121469"},"Guilded.icns":{"size":123818,"offset":"4221065"},"Guilded.ico":{"size":29165,"of

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: data

Size (bytes): 21578026

Entropy (8bit): 6.0437392387697955

Encrypted: false

MD5: 822068A7338974B5FA464CA3E5F63FEE

SHA1: 98C941153E6982623D3257D7F98BCA4D7E265018

SHA-256: A3BC92378C1EB61D7ACD8E59F4FB5E4D6C27BEDA4836E22A5909B5BC112B6E4E

SHA-512: 0C16095DFC40753D03190143FEAE0B3B60E81C4DC33EBE064C5BB5391DDE9BB3BB87E538C8089E03560F9C402B0111EAA959EE624A2CFE5CFCFC230C042CF199

Malicious: false

Preview:tryEntries[i].completion. This interface could\n // have been (and was previously) designed to take a closure to be\n // invoked without arguments, but in all the cases we care about we\n // already have an existing method we want to call, so there's no need\n // to create a new function object. We can even get away with assuming\n // the method takes exactly one argument, since that happens to be true\n // in every case, so we don't have to touch the arguments object. The\n // only additional allocation required is the completion record, which\n // has a stable shape and so hopefully should be cheap to allocate.\n function tryCatch(fn, obj, arg) {\n try {\n return { type: \"normal\", arg: fn.call(obj, arg) };\n } catch (err) {\n return { type: \"throw\", arg: err };\n }\n }\n\n var GenStateSuspendedStart = \"suspendedStart\";\n var GenStateSuspendedYield = \"suspendedYield\";\n var GenStateExecuting = \"executing\";\n var GenStateCompleted = \"complete

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\.github\ISSUE_TEMPLATE.md

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: data

Size (bytes): 2454042

Entropy (8bit): 6.142947730298702

Encrypted: false

MD5: F2333999DA2809CFA132CACD7ED6DBFD

SHA1: 5A1ADB90F33F3FD1EEDD5846670168EF97585955

SHA-256: 9F1605A316D1649C70FA58C170940F005ECD8CFC67EEA2718E7D25AD9F5A11FD

SHA-512: E7DCDF2BB29345F814A8738F4E8436A5FC3E61C9477B75742CB6B6893221F4ED19214200D1AB457FCCC24F7A9FAC9B2E0C214D2AED07EEA1151B5362678742B7

Malicious: false

Preview: - Provide a general summary of the issue in the Title above -->..## Expected Behavior. - If you're describing a bug, tell us what should happen -->. - If you're suggesting a change/improvement, tell us how it should work -->..## Current Behavior. - If describing a bug, tell us what happens instead of the expected behavior -->. - If suggesting a change/improvement, explain the difference from current behavior -->..## Possible Solution. - Not obligatory, but suggest a fix/reason for the bug, -->. - or ideas how to implement the addition or change -->..## Steps to Reproduce (for bugs). - Provide a link to a live example, or an unambiguous set of steps to -->. - reproduce this bug. Include code to reproduce, if relevant -->.1..2..3..4...## Context. - How has this issue affected you? What are you trying to accomplish? -->. - Providing context helps us come up with a solution that is most useful in the real world -->..## Your Environment. - Include as man

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu.exe

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

Size (bytes): 263376

Entropy (8bit): 6.457215709572662

Encrypted: false

MD5: FC5F01DAE5B14D726763A9949CAB4CC0

SHA1: 1BEFE2D8B4F804558A17EED3CAFB53467E910EFD

SHA-256: 8D967B6DF2A71B6B97D9EF756AA53CF54E3FBD71DEAB7268226C840C0D945FE7

SHA-512: A7702A651605FC40D16A9A956D765DC4D35C60509F4E3843EF7F6A8AEE49841B9595D0A6B136F49969FD4FBD2802BF3D279FB5B208DCF94D4EA449F201C186A9

Malicious: false

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu64.exe

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32+ executable (GUI) x86-64, for MS Windows

Size (bytes): 341712

Entropy (8bit): 6.077936981424117

Encrypted: false

MD5: 68AF293BD59BEC73E1B834FA091A5B41

SHA1: 0E9E282E2699F1E4C3A4AC49895BDB1899B54FAA

SHA-256: B1C922992BB5FAC69C935E1CEC3F3D962DA76CAF4098E9FDC061863808C49EC0

SHA-512: 8033E0395A40E5ECC8682B94265E01ED0806E4567AC76497BB0ED7A344F2D0ECD388E219EB39AC7A18373C706629717DF475576CD6D5A6FCA2836EB2858E9207

Malicious: false

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\SnoreToast.exe

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32 executable (console) Intel 80386, for MS Windows

Size (bytes): 513064

Entropy (8bit): 6.3236647449564

Encrypted: false

MD5: E656BDAD6AF91E70B34A3DFBD19BAE59

SHA1: FE221A23566E7D4598F81BA1FF4308F72D5E2171

SHA-256: D4CF10F6AA5D0F778EB27F41EC2F25422081CFB33DEEA8FD2106A9781FBD9F29

SHA-512: D5E5C632BB58BFF40019FA430BC2E321FC9316953F4760A56741F804ADA5098C50DF54A1FAAF0841378A63FA47421FCD79D99F6C321553357CA99DF4917C2179

Malicious: true

Antivirus: Joe Sandbox ML, Detection: 100%

C:\Users\user\AppData\Local\Programs\Guilded\swiftshader\libEGL.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows

Size (bytes): 341504

Entropy (8bit): 6.173947891964887

Encrypted: false

MD5: C782F160248D92741FF3CF18014D9E44

SHA1: 3E75852FC499F57ABEF0FC7E9E76D34C2813CFAB

SHA-256: 3583DC6A7560CA8130BAFB13428DD6BA7BF575174F43A6A38AC20543A9AEDCE0

SHA-512: 31999ECBAD7F806D7B45C7D71C8C0A13151FE85405C40966C7DB8BF05A7D6B6317429B2B86646CA788F0ABC61D602F6A1494ED5E4C72F3134A2B1E8EF064E920

Malicious: false

Antivirus: Virustotal, Detection: 0%

C:\Users\user\AppData\Local\Programs\Guilded\swiftshader\libGLESv2.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows

Size (bytes): 3831808

Entropy (8bit): 6.236453847422202

Encrypted: false

MD5: 56CFCEE642AE5523DC85C117DEA53DDE

SHA1: EBB3F023FBD0AD86BC6F5D57D016292B3BE37854

SHA-256: 5CB979310B9AB0013DF0885D0EFDF082CF58730B1CA962AEEA4A127D9A9198E9

SHA-512: C5124EB8870A692ADB72195170FF57A2A95470F160FBC1836413FA5445F5471A610E1A1E056FF5FF5FDC8B31FBDFD6623B0234276D59B5F850BCF16F42831DFA

Malicious: false

C:\Users\user\AppData\Local\Temp\0b929176-d411-491f-9c94-db4616bbe576.tmp.ico

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

Size (bytes): 29165

Entropy (8bit): 6.2088824617163505

Encrypted: false

MD5: A37B8A65B776D1CDEED9D3A8126CF5E9

SHA1: B09AA41BA54385C4C8B87FC31D21C21C52BBEC0B

SHA-256: 45BDC5B549E4714A9D10F07B72E91806D286B40B74DD7E0843EAFCDFB9050B4A

SHA-512: C35C173A9C36B1C07234E5639D8BDD3BBA5C711BA33636035481CA4BB4821F096463C40DB3BA9131586A18134619E67675A1C530F4BE18F803A3D1E450948ECB

Malicious: false

C:\Users\user\AppData\Local\Temp\Guilded Crashes\settings.dat

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 40

Entropy (8bit): 3.1109640474436797

Encrypted: false

MD5: 3542232BC0D32474254AA0364260A7F1

SHA1: A4FDCEB1583A411217D72B369DAF766F256B0CED

SHA-256: 9FAF678F055B4CDA89FB2FBFB99672D7EE603FAF4AB4D3EE9CBDE05D75AEB7C2

SHA-512: ADA6660A285650B661736CDA02B2BE3C0AEE43F19865780061FF2861D318ED063D9DEC25B6232810D30B392E041B66C857A66D8965DDB7E531E88D39C536170E

Malicious: false

Preview:sdPC......................E....G....g..t

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\SpiderBanner.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Size (bytes): 13824

Entropy (8bit): 5.348947270242185

Encrypted: false

MD5: 1E0E72FCB3295327CBC08750653724B9

SHA1: F67D756D303E13BE85E992D7EDC216AF1118C707

SHA-256: 4EE1A8AF659A01DBF3EC7B4E91AC64EF7180364FBF7161918792A5BCFB728108

SHA-512: 78196CC475DF24CEF9442D4D0510E2D8DB2C7775A2057D815C5BB8DB6DFE67E70BF46A266CDDB32EF5359A8A6A8F219CA9A6598291C4F6B45183E4380DC49988

Malicious: false

Joe Sandbox View:

Filename: XMind-ZEN-Update-2019-for-Windows-64bit-9.2.1-201906120058.exe, Detection: malicious, Browse

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\StdUtils.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows

Size (bytes): 102400

Entropy (8bit): 6.729923587623207

Encrypted: false

MD5: C6A6E03F77C313B267498515488C5740

SHA1: 3D49FC2784B9450962ED6B82B46E9C3C957D7C15

SHA-256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E

SHA-512: 9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803

Malicious: false

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\System.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Size (bytes): 11776

Entropy (8bit): 5.890541747176257

Encrypted: false

MD5: 75ED96254FBF894E42058062B4B4F0D1

SHA1: 996503F1383B49021EB3427BC28D13B5BBD11977

SHA-256: A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7

SHA-512: 58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4

Malicious: false

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\WinShell.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Size (bytes): 3072

Entropy (8bit): 3.3907428713435226

Encrypted: false

MD5: 1CC7C37B7E0C8CD8BF04B6CC283E1E56

SHA1: 0B9519763BE6625BD5ABCE175DCC59C96D100D4C

SHA-256: 9BE85B986EA66A6997DDE658ABE82B3147ED2A1A3DCB784BB5176F41D22815A6

SHA-512: 7ACF7F8E68AA6066B59CA9F2AE2E67997E6B347BC08EB788D2A119B3295C844B5B9606757168E8D2FBD61C2CDA367BF80E9E48C9A52C28D5A7A00464BFD2048F

Malicious: false

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: 7-zip archive data, version 0.4

Size (bytes): 49347172

Entropy (8bit): 7.999991824387198

Encrypted: true

MD5: 11B970C1068FC5270035C99797D97BB1

SHA1: 9A503B78AA90C8C3C4C3016F352B7C50C51E9EB1

SHA-256: 64EDE08A3D1F4DA7DF59CFE634FE797A92F33AE0BF0BF9C256ABDADC3FF494FD

SHA-512: A8B6159FE2A3A46FE6FDE61593E5C0139996145BC12C9D4A6E246F2A383C7E41C70B6F1DDA8801489421CC12EAB80BA9206E0CD3106A11A64487F2D8ABEDAE9D

Malicious: false

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsis7z.dll

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Size (bytes): 434176

Entropy (8bit): 6.584811966667578

Encrypted: false

MD5: 80E44CE4895304C6A3A831310FBF8CD0

SHA1: 36BD49AE21C460BE5753A904B4501F1ABCA53508

SHA-256: B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592

SHA-512: C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF

Malicious: false

C:\Users\user\AppData\Local\guilded-updater\installer.exe

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Size (bytes): 49897360

Entropy (8bit): 7.99993746056578

Encrypted: true

MD5: 2B957878EF2B321086B0D4F520EA4383

SHA1: FBDE2CB4E20F384BFA300558FF66F7DDDEFBE0AF

SHA-256: A7E579B3823785D62B6065FF80775A851124C6C5C696C1568F0BB7C724C87DC8

SHA-512: 5B820593E949BBB0FF60AD11E46F75B1E7D498A84CDC8EFFF2C40B2680C9F35C18B20054B54E227C40B331A56699346E0FC133799129ACFB1AE0CA9782D1D908

Malicious: false

C:\Users\user\AppData\Local\guilded-updater\installer.exe:Zone.Identifier

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: ASCII text, with CRLF line terminators

Size (bytes): 26

Entropy (8bit): 3.95006375643621

Encrypted: false

MD5: 187F488E27DB4AF347237FE461A079AD

SHA1: 6693BA299EC1881249D59262276A0D2CB21F8E64

SHA-256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309

SHA-512: 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E

Malicious: false

Preview:[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Guilded\.updaterId

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators

Size (bytes): 36

Entropy (8bit): 3.5441104177484006

Encrypted: false

MD5: F7339607C47EF903CC10A1CB1D8F60D1

SHA1: D2E21162DCE6076E7B9EFFB0FB33C7E45A2A6A3B

SHA-256: 607D16A3A05DF57FF886397FA92E1684489947763167E30AF92A1B2298EE5CD0

SHA-512: EEB4B452888AD34DAE7EBA7715D4943794974C16092D7661D931A7C42E2FBA0800A166EF31263CC088593844C89876B3C060D9767351801C11597529FAA52CFC

Malicious: false

Preview:8247c80b-a281-5b30-88a1-d044183dc4ca

C:\Users\user\AppData\Roaming\Guilded\118e6185-f979-4ac0-a0e2-cd63b7ac648d.tmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators

Size (bytes): 111

Entropy (8bit): 4.718418993774295

Encrypted: false

MD5: 285252A2F6327D41EAB203DC2F402C67

SHA1: ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6

SHA-256: 5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026

SHA-512: 11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D

Malicious: false

Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Roaming\Guilded\53de1fe0-20c5-418d-9c46-b90cd3d2af43.tmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators

Size (bytes): 210

Entropy (8bit): 4.776714495117426

Encrypted: false

MD5: 386EB10C0750C88F9006C81533A9D050

SHA1: 62370071E3AE591C24ABB7976EC029E07A0A8B6D

SHA-256: E7AB1ABA6868CFEA420ED4BC05E3E910533E79A3B94D7FD39FDC12518A320AE5

SHA-512: 06888EC7232BE3DA80D85207EFD1AB6EEE0F39E871AE33BB4E93835D4BF23BCBCB843FBE8549D0CC39855DD502B8EE06C70D6C1CCAF684F4527FC22305BE7A06

Malicious: false

Preview:{"net":{"http_server_properties":{"servers":[{"https://www.guilded.gg":{"supports_spdy":true}},{"https://api.guilded.gg":{"supports_spdy":true}}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Roaming\Guilded\6b517e9b-eec6-4836-9329-79d239c254fd.tmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators

Size (bytes): 76

Entropy (8bit): 4.688671020495982

Encrypted: false

MD5: 64D502FA42CB38C3F3CA98518E98EDA7

SHA1: 59C2A836271FF852338A24238B638315FD7ACFB2

SHA-256: 8E8093F3DA380D88DC6EDCFA6CE7A5E57AC635AE019966CCAF8AD89B3FAABDDF

SHA-512: 58F6C1586AA7161D723BF9E08653551B780E6D3A712ED3C17099E4E4A5BCA25410CFEC177334F960A1D171E7DCB8B34D0B8218A2B3DB5BC89A20BCE061ADCE01

Malicious: false

Preview:{"electron":{"media":{"device_id_salt":"28407B133406379BDA82DB7B62112A12"}}}

C:\Users\user\AppData\Roaming\Guilded\87e97a23-f930-40df-add1-e4c70de25a24.tmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators

Size (bytes): 210

Entropy (8bit): 4.776714495117426

Encrypted: false

MD5: DC4B1F6A9B14FF03D62D2BC26F7ECEE5

SHA1: 12148CD86C5CAFE4D886C06FD4241CB4A2E62FC0

SHA-256: 9D014A60FBB73D7B1E20923DDBEE7D44FAE47295F763E67C30AC4CF229107B6B

SHA-512: 3FD34870982F5E13366434F038CEE2D3FF6C5793ACD6F903B65CB0DC23EC1724DD943921E05362BCE9F167EDB4BE4C2BCF2F45897610BF55D684685B084530BE

Malicious: false

Preview:{"net":{"http_server_properties":{"servers":[{"https://www.guilded.gg":{"supports_spdy":true}},{"https://api.guilded.gg":{"supports_spdy":true}}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0

Size (bytes): 68788

Entropy (8bit): 2.5400755911363637

Encrypted: false

MD5: A63F37CDC4B5E2BA2C1448549BD2B78B

SHA1: 71CDD444847ED658233C5C61E80C9B26FABE1E08

SHA-256: 8EAE2FE9C063B47ED79BE9C2477A3055F7A36844F5A339FE5B5F4F26F642F710

SHA-512: C1FBEF4C93C1F2F0ED805F6DC3025F3D78D4A5600ED4EFAAEF6E4FE284BBEDC515CFF1241C234C1B72559C08B50D7D4F5CAEA89B1C4D3831A4836DF535C688AD

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 50710

Entropy (8bit): 1.721384080599181

Encrypted: false

MD5: 69D56321CD8224D10156EA319CF776F9

SHA1: 9AC2CFC07F10BDB965868E5518121C0140058C26

SHA-256: 581984CAA96BF582A6452C49F8ACA6E1C0C2C3E49E0B0DF60F8F96F6ADE51068

SHA-512: 6594654CFAD66D16B5FD4DA8CD572685D38CD9042A136BEDD222CF23AB2EF09AD6462E607BC4051A998B0AD4AB214F43C0864A8826254DF7B6E857D018D43FED

Malicious: false

Preview:.E.c....................FD.`2.................................................................e*https://www.guilded.gg/..........................................................................................................................................E.c....................FD.`2...............<................................................. .https://www.guilded.gg/..........................................................................................................................................E.c....................FD.`2...............<..................................................`https://www.guilded.gg/..........................................................................................................................................8.%....................A.oe2...)...........................................................N.4.https://www.guilded.gg/bcccbc92/bundle.js...............................................................................................

C:\Users\user\AppData\Roaming\Guilded\Cache\data_2

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: gzip compressed data, max compression, from Unix

Size (bytes): 29822

Entropy (8bit): 6.451633298080625

Encrypted: false

MD5: 77342FE92B7886C408BC224416163E44

SHA1: 309C1025F13F6F3B2EA77DCB50C2812EABDBE394

SHA-256: DB8BB5865BAE5F54DD56B55CF5C57433B8C5C91AC4EF3A262500F5DF685ADBBA

SHA-512: 0DA2D881229861974CE1147941F15ACBC65642EDDA4FB939CEF5BE5CEAD8A6B6ED8518D7C551BDE320D631B3E18D0738B099E0920632E2A66E8B6AF679CB65B9

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\data_3

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 689232

Entropy (8bit): 7.990533974533812

Encrypted: true

MD5: F708C73C0C803E255AD29E2B25ECBF92

SHA1: B97966BF3E96934F19F5A289FE595D540F6E4285

SHA-256: D291DC6FAACC7CEF416A6B760AE926FD1AC992D8A0CBB616746E8FC662715321

SHA-512: 41E12F27905B57FD4C14C4D268BADDE4F8C75D8DA0842C459CF17BD87D26B8D52A92DA3D2E0F04C5077C04D6D65163E19A20BF7F81D714E1B5D17AB4E8C904EC

Malicious: false

Preview:.....eG....`2....f.`2...2...HTTP/1.1 200.status:200.content-type:text/html.content-length:2108.x-amz-id-2:rWJVH2G9QN7E0xjIcuBZRdBu7uc3sP/0HmqyChX/M6N+G3EutlW0U66+1VntanXARd0KFz69zWM=.x-amz-request-id:3AB001E669568705.date:Wed, 23 Oct 2019 14:15:17 GMT.cache-control:no-cache.content-encoding:gzip.last-modified:Wed, 23 Oct 2019 00:50:57 GMT.etag:"73a649edfbab06209319ffd662cd305d".server:AmazonS3.x-cache:RefreshHit from cloudfront.via:1.1 1c84c7c2fefb5121a0719e0b934b3767.cloudfront.net (CloudFront).x-amz-cf-pop:MRS50.x-amz-cf-id:jIqp89VTRVQlS8s1wtno5FIbCmF3pyiwj8-cNI_Ia9wbS6VMXyg5kg==........v...0..r0..Z.........jMC9.z....c.0...*.H........0F1.0...U....US1.0...U....Amazon1.0...U....Server CA 1B1.0...U....Amazon0...190414000000Z..200514120000Z0.1.0...U....www.guilded.gg0.."0...*.H.............0.........8..`.!..$.Y.1.i..)[email protected]@..}.It..D.....F.Z.._GzT.8...U......8...o.v....4....F.N.8e..0w..l....A8...iu.8:..,.,.......g.9..y.gd...i..H-......r4xM.......y.`7..5.+..F~...M.

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000001

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: Web Open Font Format (Version 2), TrueType, length 64385, version 1.19726

Size (bytes): 98663

Entropy (8bit): 7.9486347366197805

Encrypted: false

MD5: 2DDBB7469965210603ED9ED4B4720D3F

SHA1: F34F84D4AFA9F508782A72276D93EC14D7FAE449

SHA-256: 959547060DE81FFD54EB8E3E8E054FAA7C056C49FA05F7F77FEA53311260E589

SHA-512: 843E68E63AB7058EDE1FB77DCFEDAF0A70EAC9923D535327094234412D8C583EB17578164170AF115982A464FEAB7D9BC28EAD40B892A97030D24519C17B5CD0

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000002

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: gzip compressed data, max compression, from Unix

Size (bytes): 22275

Entropy (8bit): 7.982810067371668

Encrypted: false

MD5: B37932557C7D7413B35745A55C0BB74E

SHA1: ECD8315741FC92D593DE474885099078AD925E17

SHA-256: AF25B74B258FAB020B3109ECA8E09AC7715FDD14624E65D971126263918B9939

SHA-512: 2EBA38BC69230A15BC820AE4A4476C8AC8D017F1106413B6BA2F0F4FC38AFB4F6AD3D53F470620CEAB02A4FDEADBDCEFB3ADC3765FC792D203D5399B1B2CC23F

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000003

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: Web Open Font Format (Version 2), TrueType, length 62745, version 1.19726

Size (bytes): 62745

Entropy (8bit): 7.996711296751896

Encrypted: true

MD5: 21EED66CF6C6E86AF2EC7844344F3C97

SHA1: EAA0CA2DE7650881DC47849D279F44E6C72672DD

SHA-256: B0F8A1914237B54698D41E87801D64345740A74347918E778690040A361095F6

SHA-512: DE191B9DB107240F33ECA43EC6838E8144FE2D97B48348D4D282A21D86CAD0E1CCD3AE5FBB6835ADEC46D2AC3B84063CB16C63807D7CC10D2BC40CD936AC02D4

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000004

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: Web Open Font Format (Version 2), TrueType, length 64257, version 1.19726

Size (bytes): 64257

Entropy (8bit): 7.996653718009763

Encrypted: true

MD5: 4E023AA57993B004015190CC10F1B3EA

SHA1: 7A9D9D01E52C4F2D588092F713F70561CE2E7240

SHA-256: 983598A67A9B8CF4A6301A61072FB0B70F90E052F901EC35D57AEB5FC9D16B3E

SHA-512: 324A160A1F3C57C0199EFFDB2C257FE938F544D01CF0764493EB73FB0971E164529E6869B4D29C6C223669302806A8653B5B8A7BCD3D69B248D2A33A5BE35D54

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000005

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: Web Open Font Format (Version 2), TrueType, length 67262, version 1.19726

Size (bytes): 67262

Entropy (8bit): 7.9966852329365

Encrypted: true

MD5: 078BA28F2E25BB5D3D50D54F65E77CBB

SHA1: 9C22D31BCF2C6DA6923B59DDE20F13A1F8C1AF3D

SHA-256: 97B084E5BE7ABAB8934365AA83CA749699028C971D39609D49E72608E4BE4217

SHA-512: B4803C424ED132F32024342F25C52CB792BAA88A939186C8563D5125E87417112AFD154DE62F59473B1E18AD54648BC1623D6575927A9BBB300EEA3234330B77

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000006

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: Web Open Font Format (Version 2), TrueType, length 67454, version 1.19726

Size (bytes): 67454

Entropy (8bit): 7.996932814043148

Encrypted: true

MD5: E225C352A6CF7329E3C0D2FD22D94A62

SHA1: 7F37239FB94E72DDC6A14D3EBB6FFB577C636E81

SHA-256: 9B754B5F86DC051E9D25D9ECABDE6922AC0E8970A3752956CA9BBAC12C8AD29C

SHA-512: 5CA3B5BFA7D8AB8C42D8F52A0432295CE7F2A15A2796039A754B13B5D818DD850635AED240A75C59D8084609BDE9BA7E0783BC4B7A8213F5B8C4AC6FC278675C

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000007

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: Web Open Font Format (Version 2), TrueType, length 66218, version 1.19726

Size (bytes): 66218

Entropy (8bit): 7.997073283535847

Encrypted: true

MD5: F80B57A8E306AE93002D7BDCEA2D8D55

SHA1: 4621D95AB4A4C4C4CCE468C3AD1B1239B6264645

SHA-256: 5CA7F8EBE1191C643040B281DC212E24032919A31F20AAF2F01DC8D87DB17999

SHA-512: 4248455C3F55B12A90613C557906AF19D3B7938045A5F0193AD7FD8206C970F2BC03C41A7C7FDD2C281C9567ED2F55678EBDF6CC81EEA16A5DC57146F01169A4

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000008

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: gzip compressed data, max compression, from Unix

Size (bytes): 152767

Entropy (8bit): 7.998182064995742

Encrypted: true

MD5: 83560AF7E6C2E3580A53752243014063

SHA1: 1FD7F3CA7E307C51A35563A22799D4E3B235AFF3

SHA-256: 942384CE2BB90D047E93AD249AC438329E93D9648113BA26746718C140D1AB51

SHA-512: AB7903D14D22BC9FA0D8AAE14399FB3156F5B04F48A76E19083FA753806AC03379E979ECF884568697FD415ACDE59227657DB3833854F1AC8F5F2F68CEA42100

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000009

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: gzip compressed data, max compression, from Unix

Size (bytes): 1277952

Entropy (8bit): 7.9993721248247

Encrypted: true

MD5: E7C1735A282F6FFB38435BCAA4AA355A

SHA1: A21A86ED3B724C8062E8D5B006F3D8571A52F76A

SHA-256: 864679605C27ECCBE911935313FE005DC9798F107C52D5E1312D5F65BFC12801

SHA-512: 701FEBD1FDDC1959B64903615CDF636761880FB4560834A268568A647A8741A7ABB7B169A214E5849D3C44CA2AA5336D80E5EB489E8C6B7311E953DF19B9D790

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cache\index

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0

Size (bytes): 736

Entropy (8bit): 0.35013221458892185

Encrypted: false

MD5: E88A78EA5A08E4BD519B8D7BA67404E6

SHA1: 48FDA1E4512EAB490E3874AB9F4E40765D545F72

SHA-256: 7076B8E9AC1162ABC4F48DAAFE0B4237E64D54AE4B56B2BFF50520F41FE9A6D5

SHA-512: F3C4026B5AF7C259A7D7878911861370135451D3CAFFAE763FEB0C2777B93310B3D786538DA6F5B126E8454390DCCAEDC66CCA1F6C43959616A3F579403A37AB

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\c7d43d944bc0a617_0

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 194

Entropy (8bit): 5.549969991214491

Encrypted: false

MD5: AE5A7819B20815BF1922224A5DE1C935

SHA1: 8DE4F9C2B913EA5879092432FDE165091E8EC9A7

SHA-256: 75448B72FCD0FA0FCC7B96F49BD0DC402C334AA7D60DD9AED530956D83663B71

SHA-512: 0A6FF884B72942C32751C1F24BBB1C6943939931C490839B776F59E67621F4A2E588453EF6AA8CAC4114A6D64A199883FF6DC76D0B78DB6BAFB0AE9AA12DC7AC

Malicious: false

Preview:0\r..m......B......C...._keyhttps://www.guilded.gg/bcccbc92/bundle.js .https://guilded.gg/..xe2.........X.ta..7l.A.#..g)K....C+g..,.m2N..o.b.....A..Eo...................A..Eo......t...........

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ISO-8859 text, with no line terminators, with escape sequences

Size (bytes): 24

Entropy (8bit): 2.1431558784658327

Encrypted: false

MD5: 54CB446F628B2EA4A5BCE5769910512E

SHA1: C27CA848427FE87F5CF4D0E0E3CD57151B0D820D

SHA-256: FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D

SHA-512: 8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0

Malicious: false

Preview:0\r..m..................

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index-dir\temp-index

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 120

Entropy (8bit): 3.7003701978914076

Encrypted: false

MD5: BFE4A9B71ABDC5E53219517974B75FC9

SHA1: 6FA4D669DF538255260881E335F51C2311DD119B

SHA-256: A92EAFDABD5B932E7F3F132F166F33E42F6C1977A54243ED339BFF46BA3ACDBC

SHA-512: 3DBAD336677B25D80F94CF70C46D895CE54978566A85286345810328A0E975E6F69720AC50ACCF2305B69BB940CFC361ED45461930DF8F511B81A517A9D6E352

Malicious: false

Preview:(.....4.oy retne.........................*._2...@....{..oy retne...........................K.=....g2...........iR.g2...

C:\Users\user\AppData\Roaming\Guilded\Cookies

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: SQLite 3.x database, last written using SQLite version 3028000

Size (bytes): 184320

Entropy (8bit): 1.0250203146757604

Encrypted: false

MD5: E74A568B18C26FC7682E6FA0613773F1

SHA1: 0DFAF55DD6E90C47B17F4E411168505AB5D0CB2A

SHA-256: 32ACF2EE2C00D611A4500E0CE5B6ED7F13BBDE6253C4FA994DE520A3DF63A0F6

SHA-512: 5CD3DBD544A4F2ED28ED9511615D3D8CC376478F58CC2FB390D6D28CD153C03D413E93440C285481EDA6AFE16937982750D8D4868A7C1420754D90D15DF54E2B

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 172020

Entropy (8bit): 1.0415208790959014

Encrypted: false

MD5: E69D58E81710FF3A42D3CA26C99CB2A1

SHA1: AEEF859F005159C10E0F3505A2DF6F63BF9F6BDC

SHA-256: 7B9A772E4BAC8BBE3B39A1010EFC0C55CB79D21C62E97A45064007112E7601E0

SHA-512: 0248DFDD55C3FD909FC6878B269813861E6B530C70B674D6EAE28F976557F294C0B42ADB031303526A532CA048231BFD2D6E85D8BDF8EDEA5F386AF178719E33

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0

Size (bytes): 57344

Entropy (8bit): 0.01194042008920423

Encrypted: false

MD5: BE14C92FF6A625D1856933A9FC4FA60E

SHA1: B17F8E469EA84837B0D26C6DE9A58776FE8F6D59

SHA-256: 41BBD0EE49B3F7463D703DB7762120A9395A6E63A51CCC07580101D36E0A9D79

SHA-512: EE301DD8D7DD0C3839779A07DF4434391740E6F2A78FB19B9F5A49D6ABEE4A27E4982C25F06EAA2CE0C6E80A8A180C59DFF3A90F01C01CE67F569B2830EED99C

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 888

Entropy (8bit): 0.5340399864369082

Encrypted: false

MD5: 7F0E1DE6D2A6F6BDA6BC11AF89F30AE4

SHA1: E60CCAF32C529C433BF0EE0C9EC1B9FACCCDB66B

SHA-256: F0AD43D8D1BE1CBCFC7C97D19A2BD17B2D70C7A60BA41B2E01671FA3F3D28AEB

SHA-512: C7D03337F002083B98F0795C3E671B1A28D68E5BCB8519587B185C329ED26A055B762CE45B659EECC315ED9677C916E0237957F04D8F262A87D016F6DA580CB3

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_3

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 8192

Entropy (8bit): 0.012340643231932763

Encrypted: false

MD5: 41876349CB12D6DB992F1309F22DF3F0

SHA1: 5CF26B3420FC0302CD0A71E8D029739B8765BE27

SHA-256: E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C

SHA-512: E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0

Size (bytes): 736

Entropy (8bit): 0.3620274421733831

Encrypted: false

MD5: 0B692D278724537DA31A5DD10FC6A448

SHA1: 55401C1B23ED1B7D69F4BDF6E55918E01E458D91

SHA-256: A7E20E103E1E0C62CCA32B91277AD58DD76F2E7133BE545C10342EFB35EEB04D

SHA-512: B91CAE92092A208531E0B25290861FF81D45AC7132A4055EE838219FE99C27C85EB32231188AA70F0A4F05DFC12484CCF282327F2B8146B2D4F9EE9190A7C957

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000001.dbtmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 16

Entropy (8bit): 3.2743974703476995

Encrypted: false

MD5: 46295CAC801E5D4857D09837238A6394

SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B

SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23

Malicious: false

Preview:MANIFEST-000001.

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000003.log

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 448

Entropy (8bit): 5.312514159339106

Encrypted: false

MD5: 3C9524356F3948E6605B27E2A36DCC26

SHA1: D43DC42D9B364238959865872F0224FCB035D2D5

SHA-256: 86AFEFE52EF535051AF95835B30E4E904249F6FCB27932EFDA22AB58713FD0C7

SHA-512: E79B6AE7370D841CFA98F75C9D3CAF9B2FD119C2981B982773F752B7A0DB544C52B781F09F65486466ADD6124ABACB4FD13D4A36DE1AF03DD270C6E6DA20F7A6

Malicious: false

Preview:.....................VERSION.1..META:https://www.guilded.gg.........=.7_https://www.guilded.gg..didPatchElectronPublisherName2..true.._https://www.guilded.gg..gate-store-mock-gates..{}/..N.................META:https://www.guilded.gg.7_https://www.guilded.gg..didPatchElectronPublisherName2.._https://www.guilded.gg..gate-store-mock-gates.>.<f................META:https://www.guilded.gg............,_https://www.guilded.gg..user-app-load-count..1

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOG

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 248

Entropy (8bit): 4.860686980389325

Encrypted: false

MD5: F2C70FB36D03F0FFE46D92A4F23D0B99

SHA1: E2E651530C44B688B0F335714B7379947C4AD27D

SHA-256: D90352C381B1CA945ECB251683B351F6D589C9D455FA721D64EF10CB8014AD0C

SHA-512: 4B3CD418D1B5172D3F5EB4750890EBC214773DA9E2EDF1D1A29830D94527368DF5AAAB41EDBE70E29F935DBEA69DE890F3CD659291FC0FB0BFF992EBA02286A4

Malicious: false

Preview:2019/10/23-16:17:07.689 3a8 Reusing MANIFEST leveldb/MANIFEST-000001.2019/10/23-16:17:37.292 cc0 Reusing MANIFEST leveldb/MANIFEST-000001.2019/10/23-16:17:37.311 cc0 Recovering log #3.2019/10/23-16:17:37.317 cc0 Reusing old log leveldb/000003.log .

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\MANIFEST-000001

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: PGP\011Secret Key -

Size (bytes): 41

Entropy (8bit): 4.704993772857998

Encrypted: false

MD5: 5AF87DFD673BA2115E2FCF5CFDB727AB

SHA1: D5B5BBF396DC291274584EF71F444F420B6056F1

SHA-256: F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

SHA-512: DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B

Malicious: false

Preview:.|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\000001.dbtmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 16

Entropy (8bit): 3.2743974703476995

Encrypted: false

MD5: 46295CAC801E5D4857D09837238A6394

SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B

SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23

Malicious: false

Preview:MANIFEST-000001.

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\000003.log

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 30

Entropy (8bit): 3.2514443196269496

Encrypted: false

MD5: 7E957D693BBAB6AD7DEC1D3AA28BD69B

SHA1: 50369F74C280D83046D6B779ECBDE129B8AC3B98

SHA-256: 8BD2EA70A0B70C91DE138A5B87C7936C6A6FA7C4275C54B97F4EF0CCC5B79BB4

SHA-512: 0228357B6C4B73F3EF20A333B7AFE71FB589EFE438BC28A3E04DF3FB64F367B7B463DC9C9792921C531124B7BDE600524827B40F2CC5AEDDBC1DF8B3ED822CBF

Malicious: false

Preview:...5.................VERSION.1

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\LOG

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 86

Entropy (8bit): 5.080050365041431

Encrypted: false

MD5: ED0BA9B7021ECA11B20D6B3CFE7099BB

SHA1: 3A53D5E37FB6FE2ABC702A36F1D2943B3123F856

SHA-256: 733F680314A44EB15438C948471FA79BD19C50231A09BCAD74022394B1D5EBC7

SHA-512: C8845F5FDA04815623C58D3725EB2AD114D52DF8A5D984949FFD6142F250B773B0E9692CBB08BFAFC96235B9FF63FA0C4D733D592DD7FBE73273CC1C0E92D783

Malicious: false

Preview:2019/10/23-16:17:37.136 cc0 Reusing MANIFEST leveldb__tmp_for_rebuild/MANIFEST-000001.

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\MANIFEST-000001

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: PGP\011Secret Key -

Size (bytes): 41

Entropy (8bit): 4.704993772857998

Encrypted: false

MD5: 5AF87DFD673BA2115E2FCF5CFDB727AB

SHA1: D5B5BBF396DC291274584EF71F444F420B6056F1

SHA-256: F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

SHA-512: DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B

Malicious: false

Preview:.|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Roaming\Guilded\QuotaManager

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: SQLite 3.x database, last written using SQLite version 3028000

Size (bytes): 53248

Entropy (8bit): 0.36224185178769613

Encrypted: false

MD5: CC4D47653EA16DD5C6BAB9928C82739F

SHA1: 67F2C04132BB41E67C997C9E2CBCB209FAC59BE6

SHA-256: F9733C9FF7101C2398252D8BB927B75AF87E3ADDB10E58FA3324E3C37C737688

SHA-512: 5FBFC2DEDBE830F918C7C5FA20D1D47372E72E2968C120545616A4BCC6B1A89583A3C652609F8BFC37DC9D68C436AC1A8ED52C046AA89A78B6DE060A5DD8F041

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\QuotaManager-journal

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 524

Entropy (8bit): 0.2755599236786382

Encrypted: false

MD5: 60B20CCF5D20F31048BEAE7B9C7F4639

SHA1: CA68BCFB1DB027086606DD3ABFF6E34AC18D1620

SHA-256: AD5E4B2379EB3166F2ED6160507B34FAF66C645AD048677BA30E51232EEFEF51

SHA-512: 10D89CBA1334E96D0A90EBF0C11751C0907AC9BAE33B1DCF85D1228AF90F0BD60F1502F1D153234F0759797A402C5801E4DF49AE7BFBD9773BFCFBA554C647DD

Malicious: false

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000001.dbtmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 16

Entropy (8bit): 3.2743974703476995

Encrypted: false

MD5: 46295CAC801E5D4857D09837238A6394

SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B

SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23

Malicious: false

Preview:MANIFEST-000001.

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000003.log

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 150

Entropy (8bit): 5.0888977140655784

Encrypted: false

MD5: 3F512E0F2A51A73B23773366082CD4E4

SHA1: 154C0A68984FAB1C3DC9F74BF7C836774B55154B

SHA-256: 0B84585D96C85730238182DF0F6B99D5CABA694C4237E95D0088BFBA763C358A

SHA-512: 91AE716DD1EDCDCD21F58FC15B29240C7B3E934DB6224D83C7AE5B9CF1AE8204123B1172E0BBD88D085ACE11D85E5F8FEF2F2C916BE2FF6C139955BA4241283A

Malicious: false

Preview:*...#................version.1..namespace-.\..e................next-map-id.1.Fnamespace-f5049cb4_89f2_4eca_991c_3614df22898b-https://www.guilded.gg/.0

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOG

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 272

Entropy (8bit): 4.8831910641082965

Encrypted: false

MD5: 8D7DFB6F7EED369C2D82A3657F332832

SHA1: EEA7F2AE845E868E593BC30B528BAA30D22202E5

SHA-256: 0851F2B3109F9D4F1EECB7E670FEC7994D0B6B77194A1E4A368F831A11F79384

SHA-512: 19492FC4ACDBEEEF7D6BFDAAE2D9473EB4B88546E8106E876B9553513A5663681BF19D92049296C5C78DEA2A0C5B54A751613DED5297685A478FD807DEC439D8

Malicious: false

Preview:2019/10/23-16:17:07.032 3a8 Reusing MANIFEST Session Storage/MANIFEST-000001.2019/10/23-16:17:36.991 cc0 Reusing MANIFEST Session Storage/MANIFEST-000001.2019/10/23-16:17:37.030 cc0 Recovering log #3.2019/10/23-16:17:37.044 cc0 Reusing old log Session Storage/000003.log .

C:\Users\user\AppData\Roaming\Guilded\Session Storage\MANIFEST-000001

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: PGP\011Secret Key -

Size (bytes): 41

Entropy (8bit): 4.704993772857998

Encrypted: false

MD5: 5AF87DFD673BA2115E2FCF5CFDB727AB

SHA1: D5B5BBF396DC291274584EF71F444F420B6056F1

SHA-256: F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

SHA-512: DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B

Malicious: false

Preview:.|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\000001.dbtmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 16

Entropy (8bit): 3.2743974703476995

Encrypted: false

MD5: 46295CAC801E5D4857D09837238A6394

SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B

SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23

Malicious: false

Preview:MANIFEST-000001.

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\000003.log

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 157

Entropy (8bit): 4.968257610196965

Encrypted: false

MD5: 666F0591BB2A03CD80CEA4C34CBC5F86

SHA1: C9FFEE68889E793953A074106149AFB990BA3F27

SHA-256: 8D9B97CA3F33050369765E4F41BD2A0710EFB5162115BEDB5F5807B1A6816C4B

SHA-512: FB28159EC85160EBB30615288BC434C2226BD42208F3A4A8FC523EADA6963135F8111CB5390B10CAD55BEBC0B4562B5700446B5810DB17DD46B9AC113D994BAA

Malicious: false

Preview:....V...............Fnamespace-f5049cb4_89f2_4eca_991c_3614df22898b-https://www.guilded.gg/.0.s'..................next-map-id.1F...................version.1

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\LOG

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 94

Entropy (8bit): 5.134130942393895

Encrypted: false

MD5: 28727DF5E17A7547F3CF003AB807F271

SHA1: A21444FE4562E56EFB520B91A9CF11A9E43C6907

SHA-256: 4C5187D360A039D7E7EAE057EBCEDCF1361C4843F059D8D6065E56B7EAF87BA8

SHA-512: F2679BD10A9B40372BCE421E4C9C01DFCD65121B5A8F165C0D0D9D0EDEED0D49B1521A4AA00D4FA5A6A282E4858A485034A052BCAC2FB1A4A6A7753AE2311EC6

Malicious: false

Preview:2019/10/23-16:17:36.450 cc0 Reusing MANIFEST Session Storage__tmp_for_rebuild/MANIFEST-000001.

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\MANIFEST-000001

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: PGP\011Secret Key -

Size (bytes): 41

Entropy (8bit): 4.704993772857998

Encrypted: false

MD5: 5AF87DFD673BA2115E2FCF5CFDB727AB

SHA1: D5B5BBF396DC291274584EF71F444F420B6056F1

SHA-256: F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

SHA-512: DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B

Malicious: false

Preview:.|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Roaming\Guilded\abbd23ed-3189-45f4-a3aa-f4a1fc07f303.tmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators

Size (bytes): 210

Entropy (8bit): 4.776714495117426

Encrypted: false

MD5: 386EB10C0750C88F9006C81533A9D050

SHA1: 62370071E3AE591C24ABB7976EC029E07A0A8B6D

SHA-256: E7AB1ABA6868CFEA420ED4BC05E3E910533E79A3B94D7FD39FDC12518A320AE5

SHA-512: 06888EC7232BE3DA80D85207EFD1AB6EEE0F39E871AE33BB4E93835D4BF23BCBCB843FBE8549D0CC39855DD502B8EE06C70D6C1CCAF684F4527FC22305BE7A06

Malicious: false

Preview:{"net":{"http_server_properties":{"servers":[{"https://www.guilded.gg":{"supports_spdy":true}},{"https://api.guilded.gg":{"supports_spdy":true}}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Roaming\Guilded\c3cd7f25-7d6a-400a-9323-0d49a9c2d98b.tmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators

Size (bytes): 59

Entropy (8bit): 4.619434150836742

Encrypted: false

MD5: 2800881C775077E1C4B6E06BF4676DE4

SHA1: 2873631068C8B3B9495638C865915BE822442C8B

SHA-256: 226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974

SHA-512: E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B

Malicious: false

Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Roaming\Guilded\config.json.1113071708

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators

Size (bytes): 2

Entropy (8bit): 1.0

Encrypted: false

MD5: 99914B932BD37A50B983C5E7C90AE93B

SHA1: BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F

SHA-256: 44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A

SHA-512: 27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD

Malicious: false

Preview:{}

C:\Users\user\AppData\Roaming\Guilded\config.json.354666392

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators

Size (bytes): 2

Entropy (8bit): 1.0

Encrypted: false

MD5: 99914B932BD37A50B983C5E7C90AE93B

SHA1: BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F

SHA-256: 44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A

SHA-512: 27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD


Malicious: false

Preview:{}


C:\Users\user\AppData\Roaming\Guilded\config.json.4121433941

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 78

Entropy (8bit): 4.299047129509074

Encrypted: false

MD5: 17FB396583604D5EF9043AC6177C565D

SHA1: 6BDADFF4304873E16D5821777CA77D0A3034855E

SHA-256: 30E4C5BC3B1D64A015A79F9B5B927079BBF55A78790A238BCA9E64170CC81A3E

SHA-512: FA2624809CC77CA5FDC085761ADA14369E7069C6CAEF01C186BB18730EF29EF482AE1F879C628C5EC85231D5A4577C92F06094C0899D9A77B9739877A44C04E6

Malicious: false

Preview:{.."windowConfiguration": {..."windowState": {...."x": 0,...."y": 108...}..}.}

C:\Users\user\AppData\Roaming\Guilded\config.json.490875430

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text

Size (bytes): 78

Entropy (8bit): 4.299047129509074

Encrypted: false

MD5: 17FB396583604D5EF9043AC6177C565D

SHA1: 6BDADFF4304873E16D5821777CA77D0A3034855E

SHA-256: 30E4C5BC3B1D64A015A79F9B5B927079BBF55A78790A238BCA9E64170CC81A3E

SHA-512: FA2624809CC77CA5FDC085761ADA14369E7069C6CAEF01C186BB18730EF29EF482AE1F879C628C5EC85231D5A4577C92F06094C0899D9A77B9739877A44C04E6

Malicious: false

Preview:{.."windowConfiguration": {..."windowState": {...."x": 0,...."y": 108...}..}.}

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: SQLite 3.x database, last written using SQLite version 3028000

Size (bytes): 28672

Entropy (8bit): 0.34075308637763524

Encrypted: false

MD5: AD23D01584C2CDC6CDF10DBDAD432F94

SHA1: 47442B9D1B7901733E6B5565E4A90C2553D466E1

SHA-256: AD2963C95090CF2160A94B7135340DB4693ABDCD06D46EA44F8998DF6B8B4B40

SHA-512: 879C8C04AF3E973015611BB3333910F97D30EF76B88B829127A1FF41673E183CC383E9E6046E97B13543AEE6DE71D20F09926AD58D59037B6BD645726E272CC4

Malicious: false

Preview:SQLite format 3......@ ..........................................................................4 .........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db-journal

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: data

Size (bytes): 524

Entropy (8bit): 0.27937671757176796

Encrypted: false

MD5: 00C0FA97BFAE892C0BB07B3F75BC8418

SHA1: 65AD254B20B3F844B431977DFF9F4C02436C54D8

SHA-256: 68259E5EAAF977608B6446AABE9C5DE56878211DAF5C37480CC425277A80A2A8

SHA-512: 7D0EA2D6407421CF39315D79E0F773CEE361DAAB478E0E19A5EDF0A445F4ACDB58367B57050CD42392FCE08EBCDD24ECD1E0298E1F270850204C570CE4970272

Malicious: false

Preview:............(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.....

C:\Users\user\AppData\Roaming\Guilded\e32ddde7-d6f5-4dd3-a818-e1186261edb2.tmp

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with no line terminators


Size (bytes): 262

Entropy (8bit): 4.803713315365111

Encrypted: false

MD5: 313ACD67A2B2AF02E547C9CDC7F7707C

SHA1: 017879ADDECC620CD1F193D9C8A907786454DF2B

SHA-256: 4E15F992B881C9ADE7AEB59A824B753E0BE59848B86157768783BFF98C2D9FF0

SHA-512: 7154B480A1EB363D69CE7BCEE9E0280AE38875A4211241E93C504CC24ED4A7B57DBD9984AFEBBCE6DC9865220BB50E0AD4F8B79B05A2EB95CAFBA8505346CBFC

Malicious: false

Preview:{"net":{"http_server_properties":{"servers":[{"https://api.mixpanel.com":{"supports_spdy":true}},{"https://www.guilded.gg":{"supports_spdy":true}},{"https://api.guilded.gg":{"supports_spdy":true}}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}


C:\Users\user\AppData\Roaming\Guilded\log.log

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with CRLF line terminators

Size (bytes): 54

Entropy (8bit): 4.762116382266492

Encrypted: false

MD5: D66A54A13A42DF61342955000CF4DBC1

SHA1: AEB6E76283CFD0BC660987D1F2049ABA3082FDDC

SHA-256: DCDD27B1FC4FD89C5E4C43FB9A2AD2E8309B3ACB3B29A2B46EC742F3B870BBA0

SHA-512: B5857A308B2AC0C7374800201D52C2E1DF3641D617D996BD7A9F50E416DF9B130F42541219105E6EA4E98B9D8C30EDFA427ECDB1520E14E9A026C022C2BA2E7B

Malicious: false

Preview:[2019-10-23 16:16:32.294] [info] Checking for update..

C:\Users\user\AppData\Roaming\Guilded\sentry\scope.json

Process: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

File Type: ASCII text, with very long lines, with no line terminators

Size (bytes): 122566

Entropy (8bit): 4.898032790049172

Encrypted: false

MD5: B1D97A490FFD4B9180ECC243548ECA2C

SHA1: BFDE054497348E844895B9E472762420B8636CAF

SHA-256: 1368F0F10EC02B3C10E449AFE3AA9B47F7EF96717CBD91D4553E471D0CEB200B

SHA-512: A9762497CFEACBD7245098BB564E0A20664DC5CAF27A64209D1371184FDEC4EA6278030101B9FDAA80F1D7EA0374241551F650375BA788E5FD06BD5F2028488D

Malicious: false

Preview:{"notifyingListeners":true,"scopeListeners":[],"eventProcessors":[],"breadcrumbs":[{"timestamp":1571872537.733,"category":"electron","message":"app.web-contents-created","type":"ui"},{"timestamp":1571872537.811,"category":"electron","message":"app.browser-window-created","type":"ui"},{"timestamp":1571872544.261,"category":"electron","message":"app.browser-window-blur","type":"ui"}],"user":{},"tags":{},"extra":{}}{"notifyingListeners":true,"scopeListeners":[],"eventProcessors":[],"breadcrumbs":[{"timestamp":1571872537.733,"category":"electron","message":"app.web-contents-created","type":"ui"},{"timestamp":1571872537.811,"category":"electron","message":"app.browser-window-created","type":"ui"},{"timestamp":1571872544.261,"category":"electron","message":"app.browser-window-blur","type":"ui"},{"timestamp":1571872550.776,"category":"electron","message":"app.browser-window-focus","type":"ui"}],"user":{},"tags":{},"extra":{}}{"notifyingListeners":true,"scopeListeners":[],"eventProcessors":[],

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guilded.lnk

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Oct 23 22:14:10 2019, mtime=Wed Oct 23 22:14:16 2019, atime=Wed Oct 23 01:05:32 2019, length=99935952, window=hide

Size (bytes): 4453

Entropy (8bit): 3.7566356233295792

Encrypted: false

MD5: 1E4F97E3B7398000BC0B2199021C21AF

SHA1: 293AE4AE52F7AC5760E2B7A20FE51030FDFB1281

SHA-256: 17645CDA3AC737AA3EC40F696DD1C8FD4649EFB6138F760A9452FDACF8270176

SHA-512: 36034F58EEDDCD50F2C307C7F1BEAEF99F1C68E16702273D3D8AE1BBF741B28B4D7591FA5F341580CE40CA683D869A25A9E8ACC555C79B156AB917D1A926CF0E

Malicious: false

Preview:L..................F.@.. ....Z~.....~........~.YF........................... .:..DG..Yr?.D..U..k0.&...&........3L......................t...CFSF..1.....vM....AppData...t.Y^...H.g.3..(.....gVA.G..k...@......vM..WO......nM.....................n..A.p.p.D.a.t.a...B.P.1.....WO...Local.<......vM..WO......N......................`.L.o.c.a.l.....Z.1.....WO....Programs..B......WO..WO.......U.......................P.r.o.g.r.a.m.s.....V.1.....WO...Guilded.@......WO..WO......W........................G.u.i.l.d.e.d.....b.2.....WO.. .Guilded.exe.H......WO.WO.....p.........................G.u.i.l.d.e.d...e.x.e.......h...............-.......g.............N<.....C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe....w.w.w...g.u.i.l.d.e.d...g.g.1.....\.....\.....\.....\.....\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.G.u.i.l.d.e.d.\.G.u.i.l.d.e.d...e.x.e.-.C.:.\.U.s.e.r.s.\.G.u.c.c.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.G.u.i.l.d.e.d.9.C.:.\.U.s.e.r.s.\.G.u.c.c.i.\.A.p.p.D.a.t.a.\.L.o.

C:\Users\user\Desktop\Guilded.lnk

Process: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe


File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Oct 23 22:14:10 2019, mtime=Wed Oct 23 22:14:16 2019, atime=Wed Oct 23 01:05:32 2019, length=99935952, window=hide

Size (bytes): 4437

Entropy (8bit): 3.7606645863576507

Encrypted: false

MD5: F5AB2948EF06476904968B412517BC0F

SHA1: 55C9400AE90E6939771EC9635F1134AD6FF79B93

SHA-256: 5B553F97C4122683B77E4F9038AF81A905BB5FE9ACA8DCB01B62C1750D4940F0

SHA-512: 0A7F60EEA0887D43FD69679389F8A1D470BDE2AAF467DC9EFAC7F872BC041FD9C16A7D44A20B34D328C7BDAAAE6B40F2B6259DBAAB9A1DFD1049C5DAE4A5B725

Malicious: false

Preview:L..................F.@.. ....Z~.....~........~.YF........................... .:..DG..Yr?.D..U..k0.&...&........3L......................t...CFSF..1.....vM....AppData...t.Y^...H.g.3..(.....gVA.G..k...@......vM..WO......nM.....................n..A.p.p.D.a.t.a...B.P.1.....WO...Local.<......vM..WO......N......................`.L.o.c.a.l.....Z.1.....WO....Programs..B......WO..WO......U....................v...P.r.o.g.r.a.m.s.....V.1.....WO...Guilded.@......WO..WO......W.....................f..G.u.i.l.d.e.d.....b.2.....WO.. .Guilded.exe.H......WO.WO.....p.........................G.u.i.l.d.e.d...e.x.e.......h...............-.......g.............N<.....C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe....w.w.w...g.u.i.l.d.e.d...g.g.-.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.G.u.i.l.d.e.d.\.G.u.i.l.d.e.d...e.x.e.-.C.:.\.U.s.e.r.s.\.G.u.c.c.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.G.u.i.l.d.e.d.9.C.:.\.U.s.e.r.s.\.G.u.c.c.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.


Name IP Active Malicious Antivirus Detection Reputation

sentry.io 35.188.42.15 true false high

awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com 35.165.248.244 true false high

api.mixpanel.com 107.178.240.159 true false high

dcb3a3q5nenlj.cloudfront.net 54.192.216.8 true false high

api.guilded.gg unknown unknown false high

cdn.onenote.net unknown unknown false 1%, Virustotal, Browse unknown

www.guilded.gg unknown unknown false high


Domains and IPs

Contacted Domains

URLs from Memory and Binaries


Contacted IPs

Copyright Joe Security LLC 2019 Page 43 of 218

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Entropy (8bit): 7.99993746056578

TrID:

• Win32 Executable (generic) a (10002005/4) 99.94%

• Generic Win/DOS Executable (2004/3) 0.02%

• DOS Executable Generic (2002/1) 0.02%

• Java Script embedded in Visual Basic Script (1500/0) 0.01%

• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%

File name: Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

File size: 49897360

IP Country Flag ASN ASN Name Malicious

54.192.216.145 United States 16509 unknown false

54.192.216.166 United States 16509 unknown false

35.165.248.244 United States 16509 unknown false

35.188.42.15 United States 15169 unknown false

52.34.144.145 United States 16509 unknown false

107.178.240.159 United States 15169 unknown false

54.192.216.8 United States 16509 unknown false

54.192.216.73 United States 16509 unknown false

54.71.193.49 United States 16509 unknown false

IP

192.168.2.2

192.168.2.7

192.168.2.6

192.168.2.5

Public

Private

MD5: 2b957878ef2b321086b0d4f520ea4383

SHA1: fbde2cb4e20f384bfa300558ff66f7dddefbe0af

SHA256: a7e579b3823785d62b6065ff80775a851124c6c5c696c1568f0bb7c724c87dc8

SHA512: 5b820593e949bbb0ff60ad11e46f75b1e7d498a84cdc8efff2c40b2680c9f35c18b20054b54e227c40b331a56699346e0fc133799129acfb1ae0ca9782d1d908

SSDEEP: 786432:HdI29zwVmFZMpvjsFKwu7EkHMwMJYLFzjWjQDtyqezMmAan0noIgAGz8kFgVw4Wx:HdI4rovIvupphpzjWOQbMhan0nVgAGzX

File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...|.oZ.................h...8...@.

General

File Icon

Icon Hash: 808e9292c6ec7192

General

Entrypoint: 0x40338f

Entrypoint Section: .text

Digitally signed: true

Imagebase: 0x400000

Subsystem: windows gui

Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Time Stamp: 0x5A6FED7C [Tue Jan 30 03:58:52 2018 UTC]

TLS Callbacks:

CLR (.Net) Version:

OS Version Major: 4

OS Version Minor: 0

File Version Major: 4

File Version Minor: 0

Subsystem Version Major: 4

Subsystem Version Minor: 0

Import Hash: b34f154ec913d2d2c435cbd644e91687

Signature Valid: true

Signature Issuer: CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB

Signature Validation Error: The operation completed successfully

Error Number: 0

Not Before, Not After 6/23/2019 5:00:00 PM 6/23/2022 4:59:59 PM

Subject Chain CN=GUILDED LLC, O=GUILDED LLC, STREET=100 VAN NESS AVE APT 2705, L=San Francisco, S=California, PostalCode=94102, C=US

Version: 3

Thumbprint MD5: 52A485FF162190FFCB22843E2DC4EC2F

Thumbprint SHA-1: D56DCAF5421FE97F7327F4981B6CFC771CACB708

Thumbprint SHA-256: 921940367DFAC7208229113B3451217427E48AF685789BEB127E30050E5B3F40

Serial: 43BBDD2851CA7A1712ABCA56B971AC3E

Instruction

sub esp, 000002D4h

push ebx

push esi

push edi

push 00000020h

Static PE Info

Authenticode Signature

Entrypoint Preview

pop edi

xor ebx, ebx

push 00008001h

mov dword ptr [esp+14h], ebx

mov dword ptr [esp+10h], 0040A2E0h

mov dword ptr [esp+1Ch], ebx

call dword ptr [004080A8h]

call dword ptr [004080A4h]

and eax, BFFFFFFFh

cmp ax, 00000006h

mov dword ptr [0047AEECh], eax

je 00007FA0EC5FFB03h

push ebx

call 00007FA0EC602DB5h

cmp eax, ebx

je 00007FA0EC5FFAF9h

push 00000C00h

call eax

mov esi, 004082B0h

push esi

call 00007FA0EC602D2Fh

push esi

call dword ptr [00408150h]

lea esi, dword ptr [esi+eax+01h]

cmp byte ptr [esi], 00000000h

jne 00007FA0EC5FFADCh

push 0000000Ah

call 00007FA0EC602D88h

push 00000008h

call 00007FA0EC602D81h

push 00000006h

mov dword ptr [0047AEE4h], eax

call 00007FA0EC602D75h

cmp eax, ebx

je 00007FA0EC5FFB01h

push 0000001Eh

call eax

test eax, eax

je 00007FA0EC5FFAF9h

or byte ptr [0047AEEFh], 00000040h

push ebp

call dword ptr [00408044h]

push ebx

call dword ptr [004082A0h]

mov dword ptr [0047AFB8h], eax

push ebx

lea eax, dword ptr [esp+34h]

push 000002B4h

push eax

push ebx

push 00440208h

call dword ptr [00408188h]

push 0040A2C8h

Programming Language: [EXP] VC++ 6.0 SP5 build 8804

Name Virtual Address Virtual Size Is in Section

IMAGE_DIRECTORY_ENTRY_EXPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_IMPORT 0x8608 0xa0 .rdata

IMAGE_DIRECTORY_ENTRY_RESOURCE 0x197000 0x9508 .rsrc

IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x0 0x0

Rich Headers

Data Directories

IMAGE_DIRECTORY_ENTRY_SECURITY 0x2f918c0 0x46d0

IMAGE_DIRECTORY_ENTRY_BASERELOC 0x0 0x0

IMAGE_DIRECTORY_ENTRY_DEBUG 0x0 0x0

IMAGE_DIRECTORY_ENTRY_COPYRIGHT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x0 0x0

IMAGE_DIRECTORY_ENTRY_TLS 0x0 0x0

IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0x0 0x0

IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_IAT 0x8000 0x2b0 .rdata

IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0x0 0x0

IMAGE_DIRECTORY_ENTRY_RESERVED 0x0 0x0

Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics

.text 0x1000 0x6627 0x6800 False 0.66455078125 data 6.4506752227 IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

.rdata 0x8000 0x149a 0x1600 False 0.438032670455 data 5.00707518585 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

.data 0xa000 0x70ff8 0x600 False 0.518229166667 data 4.03711773145 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

.ndata 0x7b000 0x11c000 0x0 False 0 empty 0.0 IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ

.rsrc 0x197000 0x9508 0x9600 False 0.529166666667 data 5.77793906628 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name RVA Size Type Language Country

RT_ICON 0x197538 0x36ef PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced English United States

RT_ICON 0x19ac28 0x25a8 dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 English United States

RT_ICON 0x19d1d0 0x10a8 dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 English United States

RT_ICON 0x19e278 0x468 GLS_BINARY_LSB_FIRST English United States

RT_DIALOG 0x19e6e0 0x202 data English United States

RT_DIALOG 0x19e8e8 0xf8 data English United States

RT_DIALOG 0x19e9e0 0xee data English United States

RT_DIALOG 0x19ead0 0x1fa data English United States

RT_DIALOG 0x19ecd0 0xf0 data English United States

RT_DIALOG 0x19edc0 0xe6 data English United States

RT_DIALOG 0x19eea8 0x1ee data English United States

RT_DIALOG 0x19f098 0xe4 data English United States

RT_DIALOG 0x19f180 0xda data English United States

RT_DIALOG 0x19f260 0x1ee data English United States

RT_DIALOG 0x19f450 0xe4 data English United States

RT_DIALOG 0x19f538 0xda data English United States

RT_DIALOG 0x19f618 0x1f2 data English United States

RT_DIALOG 0x19f810 0xe8 data English United States

RT_DIALOG 0x19f8f8 0xde data English United States

RT_DIALOG 0x19f9d8 0x202 data English United States

RT_DIALOG 0x19fbe0 0xf8 data English United States

RT_DIALOG 0x19fcd8 0xee data English United States

RT_GROUP_ICON 0x19fdc8 0x3e data English United States

RT_VERSION 0x19fe08 0x2d4 data English United States

RT_MANIFEST 0x1a00e0 0x425 XML 1.0 document, ASCII text, with very long lines, with no line terminators English United States

DLL Import

Sections

Resources

Imports

Network Port Distribution

Total Packets: 50

• 53 (DNS)

• 443 (HTTPS)

• 80 (HTTP)

KERNEL32.dll SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW

USER32.dll GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage

GDI32.dll SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor

SHELL32.dll SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW

ADVAPI32.dll AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW

COMCTL32.dll ImageList_Create, ImageList_AddMasked, ImageList_Destroy

ole32.dll OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Description Data

LegalCopyright Copyright 2019 Guilded, Inc.

FileVersion 1.0.937369-release.Electron App Release_master_20191022.1

CompanyName Guilded, Inc.

ProductName Guilded

ProductVersion 1.0.937369-release

FileDescription www.guilded.gg

Translation 0x0409 0x04e4

Language of compilation system Country where language is spoken Map

English United States

Network Behavior

Version Infos

Possible Origin

Timestamp Source Port Dest Port Source IP Dest IP

TCP Packets

Timestamp Source Port Dest Port Source IP Dest IP

UDP Packets

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Oct 23, 2019 16:14:33.429857969 CEST 192.168.2.5 8.8.8.8 0x8b07 Standard query (0) cdn.onenote.net A (IP address) IN (0x0001)

Oct 23, 2019 16:15:12.899662018 CEST 192.168.2.5 8.8.8.8 0x6ddb Standard query (0) www.guilded.gg A (IP address) IN (0x0001)

Oct 23, 2019 16:15:39.073349953 CEST 192.168.2.5 8.8.8.8 0x4ee5 Standard query (0) www.guilded.gg A (IP address) IN (0x0001)

Oct 23, 2019 16:15:44.920823097 CEST 192.168.2.5 8.8.8.8 0xd2da Standard query (0) api.mixpanel.com A (IP address) IN (0x0001)

Oct 23, 2019 16:15:47.528634071 CEST 192.168.2.5 8.8.8.8 0x7303 Standard query (0) api.guilded.gg A (IP address) IN (0x0001)

Oct 23, 2019 16:16:15.576586008 CEST 192.168.2.5 8.8.8.8 0x157c Standard query (0) sentry.io A (IP address) IN (0x0001)

Oct 23, 2019 16:16:39.888633013 CEST 192.168.2.5 8.8.8.8 0x370d Standard query (0) www.guilded.gg A (IP address) IN (0x0001)

Oct 23, 2019 16:16:57.077586889 CEST 192.168.2.5 8.8.8.8 0x288f Standard query (0) www.guilded.gg A (IP address) IN (0x0001)

Oct 23, 2019 16:17:08.028498888 CEST 192.168.2.5 8.8.8.8 0xf38c Standard query (0) api.mixpanel.com A (IP address) IN (0x0001)

Oct 23, 2019 16:17:35.801492929 CEST 192.168.2.5 8.8.8.8 0x593c Standard query (0) sentry.io A (IP address) IN (0x0001)

Oct 23, 2019 16:17:37.298072100 CEST 192.168.2.5 8.8.8.8 0x90b7 Standard query (0) api.guilded.gg A (IP address) IN (0x0001)

Oct 23, 2019 16:18:52.001250982 CEST 192.168.2.5 8.8.8.8 0xe1d7 Standard query (0) api.guilded.gg A (IP address) IN (0x0001)

Oct 23, 2019 16:19:52.315908909 CEST 192.168.2.5 8.8.8.8 0xc94b Standard query (0) api.guilded.gg A (IP address) IN (0x0001)

Oct 23, 2019 16:20:52.902642965 CEST 192.168.2.5 8.8.8.8 0x31bb Standard query (0) api.guilded.gg A (IP address) IN (0x0001)

Oct 23, 2019 16:21:53.187350988 CEST 192.168.2.5 8.8.8.8 0xe8c2 Standard query (0) api.guilded.gg A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

DNS Queries

DNS Answers

Copyright Joe Security LLC 2019 Page 51 of 218

Oct 23, 2019 16:15:12.924057961 CEST

8.8.8.8 192.168.2.5 0x6ddb No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.73 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:12.924057961 CEST

8.8.8.8 192.168.2.5 0x6ddb No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.166 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:12.924057961 CEST

8.8.8.8 192.168.2.5 0x6ddb No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:39.139278889 CEST

8.8.8.8 192.168.2.5 0x4ee5 No error (0) www.guilded.gg dcb3a3q5nenlj.cloudfront.net

CNAME (Canonical name)

IN (0x0001)

Oct 23, 2019 16:15:39.139278889 CEST

8.8.8.8 192.168.2.5 0x4ee5 No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.166 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:39.139278889 CEST

8.8.8.8 192.168.2.5 0x4ee5 No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.73 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:39.139278889 CEST

8.8.8.8 192.168.2.5 0x4ee5 No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:39.139278889 CEST

8.8.8.8 192.168.2.5 0x4ee5 No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.8 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:44.934747934 CEST

8.8.8.8 192.168.2.5 0xd2da No error (0) api.mixpanel.com

107.178.240.159 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:44.934747934 CEST

8.8.8.8 192.168.2.5 0xd2da No error (0) api.mixpanel.com

130.211.34.183 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:44.934747934 CEST

8.8.8.8 192.168.2.5 0xd2da No error (0) api.mixpanel.com

35.186.241.51 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:44.934747934 CEST

8.8.8.8 192.168.2.5 0xd2da No error (0) api.mixpanel.com

35.190.25.25 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:47.584163904 CEST

8.8.8.8 192.168.2.5 0x7303 No error (0) api.guilded.gg awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

CNAME (Canonical name)

IN (0x0001)

Oct 23, 2019 16:15:47.584163904 CEST

8.8.8.8 192.168.2.5 0x7303 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

35.165.248.244 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:47.584163904 CEST

8.8.8.8 192.168.2.5 0x7303 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

52.34.144.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:15:47.584163904 CEST

8.8.8.8 192.168.2.5 0x7303 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

54.71.193.49 A (IP address) IN (0x0001)

Oct 23, 2019 16:16:15.590164900 CEST

8.8.8.8 192.168.2.5 0x157c No error (0) sentry.io 35.188.42.15 A (IP address) IN (0x0001)

Oct 23, 2019 16:16:39.930399895 CEST

8.8.8.8 192.168.2.5 0x370d No error (0) www.guilded.gg dcb3a3q5nenlj.cloudfront.net

CNAME (Canonical name)

IN (0x0001)

Oct 23, 2019 16:16:39.930399895 CEST

8.8.8.8 192.168.2.5 0x370d No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:16:39.930399895 CEST

8.8.8.8 192.168.2.5 0x370d No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.73 A (IP address) IN (0x0001)

Oct 23, 2019 16:16:39.930399895 CEST

8.8.8.8 192.168.2.5 0x370d No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.8 A (IP address) IN (0x0001)

Oct 23, 2019 16:16:39.930399895 CEST

8.8.8.8 192.168.2.5 0x370d No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.166 A (IP address) IN (0x0001)

Oct 23, 2019 16:16:57.127938986 CEST

8.8.8.8 192.168.2.5 0x288f No error (0) www.guilded.gg dcb3a3q5nenlj.cloudfront.net

CNAME (Canonical name)

IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2019 Page 52 of 218

Oct 23, 2019 16:16:57.127938986 CEST

8.8.8.8 192.168.2.5 0x288f No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.73 A (IP address) IN (0x0001)

Oct 23, 2019 16:16:57.127938986 CEST

8.8.8.8 192.168.2.5 0x288f No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.166 A (IP address) IN (0x0001)

Oct 23, 2019 16:16:57.127938986 CEST

8.8.8.8 192.168.2.5 0x288f No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.8 A (IP address) IN (0x0001)

Oct 23, 2019 16:16:57.127938986 CEST

8.8.8.8 192.168.2.5 0x288f No error (0) dcb3a3q5nenlj.cloudfront.net

54.192.216.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:17:08.042110920 CEST

8.8.8.8 192.168.2.5 0xf38c No error (0) api.mixpanel.com

107.178.240.159 A (IP address) IN (0x0001)

Oct 23, 2019 16:17:08.042110920 CEST

8.8.8.8 192.168.2.5 0xf38c No error (0) api.mixpanel.com

130.211.34.183 A (IP address) IN (0x0001)

Oct 23, 2019 16:17:08.042110920 CEST

8.8.8.8 192.168.2.5 0xf38c No error (0) api.mixpanel.com

35.186.241.51 A (IP address) IN (0x0001)

Oct 23, 2019 16:17:08.042110920 CEST

8.8.8.8 192.168.2.5 0xf38c No error (0) api.mixpanel.com

35.190.25.25 A (IP address) IN (0x0001)

Oct 23, 2019 16:17:35.815412045 CEST

8.8.8.8 192.168.2.5 0x593c No error (0) sentry.io 35.188.42.15 A (IP address) IN (0x0001)

Oct 23, 2019 16:17:37.362588882 CEST

8.8.8.8 192.168.2.5 0x90b7 No error (0) api.guilded.gg awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

CNAME (Canonical name)

IN (0x0001)

Oct 23, 2019 16:17:37.362588882 CEST

8.8.8.8 192.168.2.5 0x90b7 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

35.165.248.244 A (IP address) IN (0x0001)

Oct 23, 2019 16:17:37.362588882 CEST

8.8.8.8 192.168.2.5 0x90b7 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

54.71.193.49 A (IP address) IN (0x0001)

Oct 23, 2019 16:17:37.362588882 CEST

8.8.8.8 192.168.2.5 0x90b7 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

52.34.144.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:18:52.024199963 CEST

8.8.8.8 192.168.2.5 0xe1d7 No error (0) api.guilded.gg awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

CNAME (Canonical name)

IN (0x0001)

Oct 23, 2019 16:18:52.024199963 CEST

8.8.8.8 192.168.2.5 0xe1d7 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

35.165.248.244 A (IP address) IN (0x0001)

Oct 23, 2019 16:18:52.024199963 CEST

8.8.8.8 192.168.2.5 0xe1d7 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

54.71.193.49 A (IP address) IN (0x0001)

Oct 23, 2019 16:18:52.024199963 CEST

8.8.8.8 192.168.2.5 0xe1d7 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

52.34.144.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:19:52.347657919 CEST

8.8.8.8 192.168.2.5 0xc94b No error (0) api.guilded.gg awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

CNAME (Canonical name)

IN (0x0001)

Oct 23, 2019 16:19:52.347657919 CEST

8.8.8.8 192.168.2.5 0xc94b No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

35.165.248.244 A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2019 Page 53 of 218

Oct 23, 2019 16:19:52.347657919 CEST

8.8.8.8 192.168.2.5 0xc94b No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

52.34.144.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:19:52.347657919 CEST

8.8.8.8 192.168.2.5 0xc94b No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

54.71.193.49 A (IP address) IN (0x0001)

Oct 23, 2019 16:20:52.925328970 CEST

8.8.8.8 192.168.2.5 0x31bb No error (0) api.guilded.gg awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

CNAME (Canonical name)

IN (0x0001)

Oct 23, 2019 16:20:52.925328970 CEST

8.8.8.8 192.168.2.5 0x31bb No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

54.71.193.49 A (IP address) IN (0x0001)

Oct 23, 2019 16:20:52.925328970 CEST

8.8.8.8 192.168.2.5 0x31bb No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

52.34.144.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:20:52.925328970 CEST

8.8.8.8 192.168.2.5 0x31bb No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

35.165.248.244 A (IP address) IN (0x0001)

Oct 23, 2019 16:21:53.234783888 CEST

8.8.8.8 192.168.2.5 0xe8c2 No error (0) api.guilded.gg awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

CNAME (Canonical name)

IN (0x0001)

Oct 23, 2019 16:21:53.234783888 CEST

8.8.8.8 192.168.2.5 0xe8c2 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

52.34.144.145 A (IP address) IN (0x0001)

Oct 23, 2019 16:21:53.234783888 CEST

8.8.8.8 192.168.2.5 0xe8c2 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

35.165.248.244 A (IP address) IN (0x0001)

Oct 23, 2019 16:21:53.234783888 CEST

8.8.8.8 192.168.2.5 0xe8c2 No error (0) awseb-awseb-13xcrckeo29ed-1085730840.us-west-2.elb.amazonaws.com

54.71.193.49 A (IP address) IN (0x0001)


Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer NotBefore NotAfter JA3 SSL Client Fingerprint JA3 SSL Client Digest

Oct 23, 2019 16:15:13.050859928 CEST

54.192.216.8 443 192.168.2.5 49720 CN=www.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sun Apr 14 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu May 14 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

HTTPS Packets


CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Oct 23, 2019 16:15:39.212949991 CEST

54.192.216.166 443 192.168.2.5 49721 CN=www.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sun Apr 14 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu May 14 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Oct 23, 2019 16:15:45.241118908 CEST

107.178.240.159 443 192.168.2.5 49722 CN=*.mixpanel.com CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Thu Jan 11 01:00:00 CET 2018 Mon Nov 06 13:23:33 CET 2017

Fri May 01 14:00:00 CEST 2020 Sat Nov 06 13:23:33 CET 2027

771,4865-4866-4867-49199-49195-49200-49196-52393-52392-49161-49171-49162-49172-156-157-47-53-10,0-23-65281-10-11-35-13-51-45-43,29-23-24,0

dda262729e5413660ec0e6a8d4279860

CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Mon Nov 06 13:23:33 CET 2017

Sat Nov 06 13:23:33 CET 2027


Oct 23, 2019 16:15:48.020637035 CEST

35.165.248.244 443 192.168.2.5 49723 CN=*.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sat May 04 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu Jun 04 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Oct 23, 2019 16:15:48.138765097 CEST

35.165.248.244 443 192.168.2.5 49724 CN=*.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sat May 04 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu Jun 04 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Oct 23, 2019 16:16:15.853811026 CEST

35.188.42.15 443 192.168.2.5 49725 CN=sentry.io, O="Functional Software, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Fri Mar 24 01:00:00 CET 2017 Fri Mar 08 13:00:00 CET 2013

Sun Jun 21 14:00:00 CEST 2020 Wed Mar 08 13:00:00 CET 2023

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128


CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Fri Mar 08 13:00:00 CET 2013

Wed Mar 08 13:00:00 CET 2023

Oct 23, 2019 16:16:15.913975954 CEST

35.188.42.15 443 192.168.2.5 49726 CN=sentry.io, O="Functional Software, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Fri Mar 24 01:00:00 CET 2017 Fri Mar 08 13:00:00 CET 2013

Sun Jun 21 14:00:00 CEST 2020 Wed Mar 08 13:00:00 CET 2023

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Fri Mar 08 13:00:00 CET 2013

Wed Mar 08 13:00:00 CET 2023

Oct 23, 2019 16:17:08.091303110 CEST

107.178.240.159 443 192.168.2.5 49731 CN=*.mixpanel.com CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Thu Jan 11 01:00:00 CET 2018 Mon Nov 06 13:23:33 CET 2017

Fri May 01 14:00:00 CEST 2020 Sat Nov 06 13:23:33 CET 2027

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Mon Nov 06 13:23:33 CET 2017

Sat Nov 06 13:23:33 CET 2027

Oct 23, 2019 16:17:08.225308895 CEST

107.178.240.159 443 192.168.2.5 49732 CN=*.mixpanel.com CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Thu Jan 11 01:00:00 CET 2018 Mon Nov 06 13:23:33 CET 2017

Fri May 01 14:00:00 CEST 2020 Sat Nov 06 13:23:33 CET 2027

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Mon Nov 06 13:23:33 CET 2017

Sat Nov 06 13:23:33 CET 2027

Oct 23, 2019 16:17:41.008871078 CEST

35.165.248.244 443 192.168.2.5 49736 CN=*.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sat May 04 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu Jun 04 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037


CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Oct 23, 2019 16:20:53.310241938 CEST

54.71.193.49 443 192.168.2.5 49764 CN=*.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sat May 04 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu Jun 04 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Oct 23, 2019 16:20:53.362199068 CEST

54.71.193.49 443 192.168.2.5 49765 CN=*.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sat May 04 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu Jun 04 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034


Oct 23, 2019 16:20:53.407466888 CEST

54.71.193.49 443 192.168.2.5 49766 CN=*.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sat May 04 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu Jun 04 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Oct 23, 2019 16:21:53.636924982 CEST

52.34.144.145 443 192.168.2.5 49773 CN=*.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sat May 04 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu Jun 04 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034


Code Manipulations

Statistics

Behavior

• Guilded-Win_v_a5162ea0f0da8daef…

• Guilded.exe

• Guilded.exe

• Guilded.exe

• Guilded.exe

• cmd.exe

• conhost.exe

• reg.exe

• Guilded.exe

• cmd.exe

• conhost.exe

• reg.exe

• Guilded.exe

• Guilded.exe

• Guilded.exe

• Guilded.exe

• Guilded.exe

• Guilded.exe

• Guilded.exe

• cmd.exe

• conhost.exe

• reg.exe

• Guilded.exe


Oct 23, 2019 16:21:53.736725092 CEST

52.34.144.145 443 192.168.2.5 49774 CN=*.guilded.gg CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Sat May 04 02:00:00 CEST 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Thu Jun 04 14:00:00 CEST 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53-10,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0

66918128f1b9b03303d77c6f2eefd128

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025

CN=Amazon Root CA 1, O=Amazon, C=US

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034


System Behavior

File Activities

Start time: 16:13:55

Start date: 23/10/2019

Path: C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

Wow64 process (32bit): true

Commandline: 'C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe'

Imagebase: 0x400000

File size: 49897360 bytes

MD5 hash: 2B957878EF2B321086B0D4F520EA4383

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: low

File Path Access Attributes Options Completion Count Source Address Symbol

C:\Users\user\AppData\Local\Temp\ read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 40587A CreateDirectoryW

C:\Users\user\AppData\Local\Temp\nsb93B3.tmp read attributes | synchronize | generic read

normal synchronous io non alert | non directory file

success or wait 1 405E1E GetTempFileNameW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp read attributes | synchronize | generic read

normal synchronous io non alert | non directory file

success or wait 1 405E1E GetTempFileNameW

C:\Users read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 40587A CreateDirectoryW

C:\Users\user read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 40587A CreateDirectoryW

C:\Users\user\AppData read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 40587A CreateDirectoryW

C:\Users\user\AppData\Local read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 40587A CreateDirectoryW

C:\Users\user\AppData\Local\Temp read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 40587A CreateDirectoryW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 40583A CreateDirectoryW

Analysis Process: Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe PID: 3336 Parent PID: 4416

General

File Created


C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\System.dll read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\System.dll read attributes | synchronize | generic write

archive synchronous io non alert | non directory file

object name collision 4 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\System.dll read attributes | synchronize | generic write

archive synchronous io non alert | non directory file

object name collision 8 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\StdUtils.dll read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\SpiderBanner.dll read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\System.dll read attributes | synchronize | generic write

archive synchronous io non alert | non directory file

object name collision 124 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\StdUtils.dll read attributes | synchronize | generic write

archive synchronous io non alert | non directory file

object name collision 5 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsProcess.dll read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 405DDC CreateFileW

C:\Users read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 40587A CreateDirectoryW

C:\Users\user read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 40587A CreateDirectoryW

C:\Users\user\AppData read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 40587A CreateDirectoryW

C:\Users\user\AppData\Local read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 40587A CreateDirectoryW

C:\Users\user\AppData\Local\Programs read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 40587A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 40587A CreateDirectoryW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsis7z.dll read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 405DDC CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW


C:\Users\user\AppData\Local\Programs\Guilded\resources read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 49 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 48 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 47 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 35 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\.github

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 30 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

File Path Access Attributes Options Completion Count Source Address Symbol

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\.vuepress

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\src

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 10 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\lib

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 7 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 4 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 3 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\MacOS

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\en.lproj

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\swiftshader read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\LICENSE.electron.txt read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\LICENSES.chromium.html

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\chrome_100_percent.pak

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\chrome_200_percent.pak

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\icudtl.dat read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 53 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\locales\am.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\ar.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\bg.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\bn.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\ca.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\cs.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\da.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\de.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\el.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\en-GB.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\en-US.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\es-419.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\es.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\et.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\fa.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\fi.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\fil.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\fr.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\gu.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\he.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\hi.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\hr.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\hu.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\id.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\it.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\ja.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\kn.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\ko.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\lt.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\lv.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\ml.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\mr.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\ms.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\nb.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\nl.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\pl.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\pt-BR.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\pt-PT.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\ro.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\ru.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\sk.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\sl.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\sr.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\sv.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\sw.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\ta.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\te.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\th.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\tr.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\uk.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\vi.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\zh-CN.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\locales\zh-TW.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\natives_blob.bin read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources.pak read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 49 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app-update.yml

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 46 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 46 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 29 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\.github

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\.github\ISSUE_TEMPLATE.md

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\.github\PULL_REQUEST_TEMPLATE.md

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\CMakeLists.txt

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\LICENSE

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\_config.yml

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\build.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 10 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build\Release\iohook.node

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\deploy-docs.sh

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 8 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\.vuepress

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\.vuepress\config.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\.vuepress\override.styl

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\README.md

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\faq.md

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\installation.md

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\manual-build.md

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\os-support.md

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\usage.md

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\index.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\install.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\package.json

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\src

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\src\iohook.h

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 17 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\.prettierrc

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\LICENSE

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\index.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\lib

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\lib\checkGrowl.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\lib\utils.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 5 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\balloon.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\growl.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notificationcenter.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notifysend.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\toaster.js

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\package.json

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 6 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 6 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 6 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Info.plist

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\PkgInfo

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 4 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\Terminal.icns

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\en.lproj

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 3 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\en.lproj\Credits.rtf

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\en.lproj\InfoPlist.strings

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\en.lproj\MainMenu.nib

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\snapshot_blob.bin read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\v8_context_snapshot.bin

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\d3dcompiler_47.dll read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\ffmpeg.dll read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\libEGL.dll read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\libGLESv2.dll read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 6 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 5 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 5 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 4 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 4 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build\Release\uiohook.dll

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build\Release\uiohook.dll

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build\Release\uiohook.dll

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build\Release

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build\Release\uiohook.dll

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 3 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 3 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 3 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 3 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 3 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu.exe

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu64.exe

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\SnoreToast.exe

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\MacOS

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\MacOS\terminal-notifier

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\resources\elevate.exe read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\swiftshader read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 2 6D6E051A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\swiftshader\libEGL.dll read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\swiftshader\libGLESv2.dll

read attributes | synchronize | generic write

normal synchronous io non alert | non directory file

success or wait 1 6D6E0FD9 CreateFileW

C:\Users\user\AppData\Local\guilded-updater read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 40587A CreateDirectoryW

C:\Users\user\AppData\Local\Programs\Guilded\Uninstall Guilded.exe read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\WinShell.dll read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\WinShell.dll read attributes | synchronize | generic write

archive synchronous io non alert | non directory file

object name collision 1 405DDC CreateFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\System.dll read attributes | synchronize | generic write

archive synchronous io non alert | non directory file

object name collision 1 405DDC CreateFileW

C:\Users\user\AppData\Local\Programs\Guilded\installer_user_data.dat read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 405DDC CreateFileW

File Path Completion Count Source Address Symbol

C:\Users\user\AppData\Local\Temp\nsb93B3.tmp success or wait 1 40363E DeleteFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp success or wait 1 4059FB DeleteFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z success or wait 1 4059AD DeleteFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsis7z.dll success or wait 1 4059AD DeleteFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsProcess.dll cannot delete 1 4059AD DeleteFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\SpiderBanner.dll success or wait 1 4059AD DeleteFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\StdUtils.dll success or wait 1 4059AD DeleteFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\System.dll success or wait 1 4059AD DeleteFileW

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\WinShell.dll success or wait 1 4059AD DeleteFileW

File Path Offset Length Value Ascii Completion Count Source Address Symbol

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\System.dll unknown 11776

success or wait 1 405E7C WriteFile

File Deleted

File Written

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\StdUtils.dll unknown 32768

success or wait 5 405E7C WriteFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\SpiderBanner.dll

unknown 9216

success or wait 1 405E7C WriteFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsProcess.dll unknown 4608

success or wait 1 405E7C WriteFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 32768

success or wait 1506 405E7C WriteFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsis7z.dll unknown 23640

success or wait 17 405E7C WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\LICENSE.electron.txt

unknown 1060

Copyright (c) 2013-2019 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitati

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\LICENSES.chromium.html

unknown 1048576

Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<

success or wait 4 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\chrome_100_percent.pak

unknown 146043

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\chrome_200_percent.pak

unknown 209245

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\icudtl.dat unknown 1048576

...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .....t).......).......)..`....)..`....).......)..`....).......).......)..p....*......$*......7*..0...J*......]*.

success or wait 4 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\icudtl.dat unknown 1048576

success or wait 6 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\am.pak unknown 118447

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\ar.pak unknown 118886

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\bg.pak unknown 128457

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\bn.pak unknown 167927

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\ca.pak unknown 84183

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\cs.pak unknown 85792

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\da.pak unknown 77846

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\de.pak unknown 83578

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\el.pak unknown 143731

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\en-GB.pak unknown 69968

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\en-US.pak unknown 70681

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\es-419.pak unknown 82050

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\es.pak unknown 83909

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\et.pak unknown 74850

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\fa.pak unknown 115798

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\fi.pak unknown 77081

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\fil.pak unknown 85214

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\fr.pak unknown 90121

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\gu.pak unknown 162130

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\he.pak unknown 101034

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\hi.pak unknown 165686

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\hr.pak unknown 81594

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\hu.pak unknown 86570

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\id.pak unknown 75127

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\it.pak unknown 81676

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\ja.pak unknown 98753

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\kn.pak unknown 184476

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\ko.pak unknown 83232

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\lt.pak unknown 88301

success or wait 1 6D6E124F WriteFile

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

Copyright Joe Security LLC 2019 Page 100 of 218

C:\Users\user\AppData\Local\Programs\Guilded\locales\lv.pak unknown 87235

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\ml.pak unknown 197304

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\mr.pak unknown 160664

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\ms.pak unknown 76596

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\nb.pak unknown 75772

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\nl.pak unknown 79660

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\pl.pak unknown 85369

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\pt-BR.pak unknown 81680

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\pt-PT.pak unknown 81692

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\ro.pak unknown 84399

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\ru.pak unknown 129593

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\sk.pak unknown 86557

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\sl.pak unknown 82790

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\sr.pak unknown 124216

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\sv.pak unknown 75603

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\sw.pak unknown 77019

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\ta.pak unknown 189413

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\te.pak unknown 178678

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\th.pak unknown 153911

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\tr.pak unknown 80077

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\uk.pak unknown 132635

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\vi.pak unknown 93341

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\zh-CN.pak unknown 70089

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\locales\zh-TW.pak unknown 70153

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\natives_blob.bin unknown 83237

@CommonOperationsU..(function(global, binding, v8) {.'use strict';.const _queue = v8.createPrivateSymbol('[[queue]]');.const _queueTotalSize = v8.createPrivateSymbol('[[queueTotalSize]]');.const _isSettled = v8.createPrivateSymbol('isSettled');.const Boo

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources.pak unknown 1048576

success or wait 4 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources.pak unknown 1048576

{"name":"text-size-adjust","inherited":true},{"name":"text-transform","inherited":true},{"name":"text-underline-position","inherited":true},{"name":"top"},{"name":"touch-action"},{"name":"transform"},{"name":"transform-box"},{"name":"transform-origin"},{"

success or wait 5 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app-update.yml

unknown 147

provider: generic.url: 'https://www.guilded.gg/AppBuilds/win'.channel: release.updaterCacheDirName: guilded-updater.publisherName:. - GUILDED LLC.

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar

unknown 1048576

....Tp..Pp..Kp..{"files":{"electronappbackgroundworker.html":{"size":466,"offset":"0"},"installer.nsh":{"size":156,"offset":"466"},"main.js":{"size":972,"offset":"622"},"package.json":{"size":768,"offset":"1594"},"preload.js":{"size":101,"offset":"2362"},

success or wait 8 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar

unknown 1048576

tryEntries[i].completion. This interface could\n // have been (and was previously) designed to take a closure to be\n // invoked without arguments, but in all the cases we care about we\n // already have an existing method we want to call, so there's n

success or wait 17 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\.github\ISSUE_TEMPLATE.md

unknown 1226

<!--- Provide a general summary of the issue in the Title above -->..## Expected Behavior.<!--- If you're describing a bug, tell us what should happen -->.<!--- If you're suggesting a change/improvement, tell us how it should work -->..## Current Behavior

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\.github\PULL_REQUEST_TEMPLATE.md

unknown 1340

<!--- Provide a general summary of your changes in the Title above -->..## Description.<!--- Describe your changes in detail -->..## Motivation and Context.<!--- Why is this change required? What problem does it solve? -->.<!--- If it fixes an open issue,

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\CMakeLists.txt

unknown 3861

cmake_minimum_required(VERSION 2.8)..macro(use_c99). if (CMAKE_VERSION VERSION_LESS "3.1"). if (CMAKE_C_COMPILER_ID STREQUAL "GNU"). set (CMAKE_C_FLAGS "--std=gnu99 ${CMAKE_C_FLAGS}"). endif (). else (). set (CMAKE_C_STANDARD 99). endif (

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\LICENSE

unknown 1062

MIT License..Copyright (c) 2016 wilix..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limita

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\_config.yml

unknown 28

theme: jekyll-theme-midnight

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\build.js

unknown 4037

const spawn = require('child_process').spawn;.const fs = require('fs');.const path = require('path');.const mkdirp = require('mkdirp');.const archiver = require('archiver');.const zlib = require('zlib');.const argv = require('minimist')(. process.argv.

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-darwin-x64\build\Release\iohook.node

unknown 77960

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-ia32\build\Release\iohook.node

unknown 90184

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-linux-x64\build\Release\iohook.node

unknown 90184

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build\Release\iohook.node

unknown 32768

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build\Release\iohook.node

unknown 38912

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-darwin-x64\build\Release\iohook.node

unknown 77384

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-ia32\build\Release\iohook.node

unknown 89974

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-linux-x64\build\Release\iohook.node

unknown 89974

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build\Release\iohook.node

unknown 29696

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build\Release\iohook.node

unknown 34816

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\deploy-docs.sh

unknown 382

#!/usr/bin/env sh..# abort on errors.set -e..# build.npm run docs:build..# navigate into the build output directory.cd docs/.vuepress/dist..# if you are deploying to a custom domain.# echo 'www.example.com' > CNAME..git init.git add -A.git commit -m 'depl

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\.vuepress\config.js

unknown 553

module.exports = {. title: 'iohook',. description: 'Node.js global native keyboard and mouse listener.',. base: '/iohook/',. themeConfig: {. repo: 'WilixLead/iohook',. editLinks: true,. docsDir: 'docs',. editLinkText: 'Edit this page on Gi

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\.vuepress\override.styl

unknown 90

$accentColor = #2980b9.$textColor = #2c3e50.$borderColor = #eaecef.$codeBgColor = #282c34.

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\README.md

unknown 1004

# iohook.## About.Node.js global native keyboard and mouse listener...This module can handle keyboard and mouse events via native hooks inside and outside your JavaScript/TypeScript application...It is fully compatible with [Electron](https://electronjs.o

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\faq.md

unknown 127

# FAQ..Q. *Does this module require Java ?*..A. No, this module doesn't require Java (like jnativehook) or any other runtimes..

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\installation.md

unknown 575

# Installation..iohook provides prebuilt versions for a bunch of OSes and runtime versions...```bash.npm install iohook --save # or yarn add iohook.```..iohook currently provides prebuilt versions for the following runtimes:..- Electron:. - 1.0.X (ABI 47

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\manual-build.md

unknown 3149

# Manual Build..::: tip INFO.This is not required for regular users. You should follow this page only if you want to build the source files yourself..:::..Firstly, run this script.```js.const path = require('path');.const runtime = process.versions['elect

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\os-support.md

unknown 168

# OS Support.Every iohook version is built on Linux and Windows. It has been tested on:..- Ubuntu 16.04 / 17.04.- macOS High Sierra 10.13.2 and older.- Windows x32/x64.

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\docs\usage.md

unknown 4471

# Usage.## Usage with Electron.Before installing this module, you will need to set a runtime version...When developing with webpack, you will need the Node.js runtime. In production, your Electron app will need the Electron version...Checkout your ABI for

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\index.js

unknown 10848

const EventEmitter = require('events');.const path = require('path');..const runtime = process.versions['electron'] ? 'electron' : 'node';.const essential = runtime + '-v' + process.versions.modules + '-' + process.platform + '-' + process.arch;.const mod

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\install.js

unknown 4999

'use strict';..const path = require('path');.const fs = require('fs');.const os = require('os');.const nugget = require('nugget');.const rc = require('rc');.const pump = require('pump');.const tfs = require('tar-fs');.const zlib = require('zlib');.const p

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\package.json

unknown 1370

{. "name": "iohook",. "version": "0.5.1",. "description": "Node.js global keyboard and mouse hook",. "main": "index.js",. "types": "index.d.ts",. "repository": {. "type": "git",. "url": "git+https://github.com/wilix-team/iohook.git". },. "au

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\src\iohook.h

unknown 517

#pragma once..#include <nan.h>..#include <nan_object_wrap.h>..#include "uiohook.h"..class HookProcessWorker : public Nan::AsyncProgressWorkerBase<uiohook_event>.{. public:. . typedef Nan::AsyncProgressWorkerBase<uiohook_event>::ExecutionProgress Hook

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\.prettierrc

unknown 46 7b 0a 20 20 22 70 72 69 6e 74 57 69 64 74 68 22 3a 20 38 30 2c 0a 20 20 22 73 69 6e 67 6c 65 51 75 6f 74 65 22 3a 20 74 72 75 65 0a 7d 0a

{. "printWidth": 80,. "singleQuote": true.}.

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\LICENSE

unknown 1070

MIT License..Copyright (c) 2017 Mikael Brevik..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including withou

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\index.js

unknown 1469

var os = require('os');.var utils = require('./lib/utils');..// All notifiers.var NotifySend = require('./notifiers/notifysend');.var NotificationCenter = require('./notifiers/notificationcenter');.var WindowsToaster = require('./notifiers/toaster');.var

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\lib\checkGrowl.js

unknown 536

var net = require('net');..var hasGrowl = false;.module.exports = function(growlConfig, cb) {. if (typeof cb === 'undefined') {. cb = growlConfig;. growlConfig = {};. }. if (hasGrowl) return cb(null, hasGrowl);. var port = growlConfig.port || 23

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\lib\utils.js

unknown 12494

var shellwords = require('shellwords');.var cp = require('child_process');.var semver = require('semver');.var path = require('path');.var url = require('url');.var os = require('os');.var fs = require('fs');..function clone(obj) {. return JSON.parse(JSO

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\balloon.js

unknown 4372

/**. * Wrapper for the notifu 1.6 (http://www.paralint.com/projects/notifu/)..Usage./t <value> The type of message to display values are:. info The message is an informational message. warn The message

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\growl.js

unknown 1820

/**. * Wrapper for the growly module. */.var checkGrowl = require('../lib/checkGrowl');.var utils = require('../lib/utils');.var growly = require('growly');..var EventEmitter = require('events').EventEmitter;.var util = require('util');..var errorMessageN

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notificationcenter.js

unknown 2493

/**. * A Node.js wrapper for terminal-notify (with fallback).. */.var utils = require('../lib/utils');.var Growl = require('./growl');.var path = require('path');.var notifier = path.join(. __dirname,. '../vendor/terminal-notifier.app/Contents/MacOS/ter

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notifysend.js

unknown 2194

/**. * Node.js wrapper for "notify-send".. */.var os = require('os');.var which = require('which');.var utils = require('../lib/utils');..var EventEmitter = require('events').EventEmitter;.var util = require('util');..var notifier = 'notify-send';.var has

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\toaster.js

unknown 2479

/**. * Wrapper for the toaster (https://github.com/nels-o/toaster). */.var path = require('path');.var notifier = path.resolve(__dirname, '../vendor/snoreToast/SnoreToast.exe');.var utils = require('../lib/utils');.var Balloon = require('./balloon');..var

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\package.json

unknown 1270

{. "name": "node-notifier",. "version": "5.2.1",. "description": "A Node.js module for sending notifications on native Mac, Windows (post and pre 8) and Linux (or Growl as fallback)",. "main": "index.js",. "jest": {. "testRegex": "/test/[^_]*.js",

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Info.plist

unknown 1809

<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">.<plist version="1.0">.<dict>..<key>BuildMachineOSBuild</key>..<string>16E195</string>..<key>CFBundleDevelopmentRe

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\PkgInfo

unknown 8 41 50 50 4c 3f 3f 3f 3f

APPL????

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\Terminal.icns

unknown 369386

icns....TOC ...xics#...Hics4....ics8....is32...Hs8mk....ICN#....icl4....icl8....il32...Tl8mk....it32....t8mk..@.ic08....ic09...yics#...H................................................................ics4...................................................

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\en.lproj\Credits.rtf

unknown 436

{\rtf0\ansi{\fonttbl\f0\fswiss Helvetica;}.{\colortbl;\red255\green255\blue255;}.\paperw9840\paperh8400.\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural..\f0\b\fs24 \cf0 Engineering:.\b0 \..Some people\.

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\en.lproj\InfoPlist.strings

unknown 92

../.*. .L.o.c.a.l.i.z.e.d. .v.e.r.s.i.o.n.s. .o.f. .I.n.f.o...p.l.i.s.t. .k.e.y.s. .*./.....

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\Resources\en.lproj\MainMenu.nib

unknown 25790

bplist00.................X$versionX$objectsY$archiverT$top................#.$.*...2.............................................................................................".,.-.../.3.:.;.<.=.A.H.I.J.K.O.V.W.X.\.c.h.i.j.n.u.v.w.x.}....................

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar

unknown 352467

................{"files":{"browser":{"files":{"api":{"files":{"app.js":{"size":3580,"offset":"0"},"auto-updater":{"files":{"auto-updater-native.js":{"size":366,"offset":"3879"},"auto-updater-win.js":{"size":2637,"offset":"4245"},"squirrel-update-win.js":{

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\snapshot_blob.bin

unknown 279736

.............s..7.6.303.30-electron.0...............................................hP...................... H...G..............`........`........`........`........`........`........`....5...`........`.......... ....Y.`....$...D..X!U...X!....X!..D. ..9.`.

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\v8_context_snapshot.bin

unknown 702416

.........r.`..Ls7.6.303.30-electron.0...........................................H ......Hs...&...............................G...G..............`........`........`........`........`....<...`........`....5...`........`.......... ....Y.`....$...D..X!U...X!.

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

unknown 262144

MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Pgc].........."...........)................@..........................................`........................................

success or wait 381 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

unknown 59088

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\d3dcompiler_47.dll

unknown 262144

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p&..4G..4G..4G.......G......5G..Q!..6G..=?..;G..4G...C..Q!..0G..Q!../G..Q!..:G..Q!..5G..Q!...G..Q!a.6G..Q!c.5G..Q!..5G..Rich4G.

success or wait 17 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\d3dcompiler_47.dll

unknown 36904

success or wait 1 6D6E124F WriteFile

File Path Offset Length Value Ascii Completion Count Source Address Symbol


C:\Users\user\AppData\Local\Programs\Guilded\ffmpeg.dll unknown 262144

success or wait 8 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\ffmpeg.dll unknown 26112

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\libEGL.dll unknown 131072

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\libGLESv2.dll unknown 262144

success or wait 25 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\libGLESv2.dll unknown 239104

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-ia32\build\Release\uiohook.dll

unknown 45264

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v70-win32-x64\build\Release\uiohook.dll

unknown 48336

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-ia32\build\Release\uiohook.dll

unknown 45264

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\iohook\builds\node-v57-win32-x64\build\Release\uiohook.dll

unknown 48336

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu.exe

unknown 262144

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu.exe

unknown 1232

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu64.exe

unknown 262144

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu64.exe

unknown 79568

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\SnoreToast.exe

unknown 262144

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\SnoreToast.exe

unknown 37584

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\terminal-notifier.app\Contents\MacOS\terminal-notifier

unknown 87688

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\elevate.exe

unknown 125648

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\swiftshader\libEGL.dll

unknown 262144

success or wait 1 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\swiftshader\libEGL.dll

unknown 79360

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\swiftshader\libGLESv2.dll

unknown 262144

success or wait 14 6D6E124F WriteFile


C:\Users\user\AppData\Local\Programs\Guilded\swiftshader\libGLESv2.dll

unknown 161792

success or wait 1 6D6E124F WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\Uninstall Guilded.exe

unknown 24155

success or wait 9 405E7C WriteFile


Registry Activities

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\WinShell.dll unknown 3072

success or wait 1 405E7C WriteFile

C:\Users\user\AppData\Local\Programs\Guilded\installer_user_data.dat

unknown 50 47 75 69 6c 64 65 64 2d 57 69 6e 5f 76 5f 61 35 31 36 32 65 61 30 66 30 64 61 38 64 61 65 66 63 36 39 32 33 65 36 36 62 31 33 32 35 62 31 2e 65 78 65

Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe

success or wait 1 405E7C WriteFile


File Path Offset Length Completion Count Source Address Symbol

C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe unknown 512 success or wait 1665 405E4D ReadFile

C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe unknown 4 success or wait 3 405E4D ReadFile

C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe unknown 4 success or wait 2 405E4D ReadFile

C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe unknown 4 success or wait 4 405E4D ReadFile

C:\Users\user\Desktop\Guilded-Win_v_a5162ea0f0da8daefc6923e66b1325b1.exe unknown 4 success or wait 1537 405E4D ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 1024 success or wait 1 6D6E10C7 ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 32 success or wait 1 6D6E10C7 ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 38 success or wait 1 6D6E10C7 ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 2628 success or wait 1 6D6E10C7 ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 673 success or wait 130 6D6E10C7 ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 262144 success or wait 20 6D6E10C7 ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 898215 success or wait 32 6D6E10C7 ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 262144 success or wait 51 6D6E10C7 ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 97590 success or wait 16 6D6E10C7 ReadFile

C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\app-64.7z unknown 262144 success or wait 68 6D6E10C7 ReadFile

Key Path Completion Count Source Address Symbol

HKEY_CURRENT_USER\Software\37acac95-e961-5909-9d05-c98f2db949a9 success or wait 1 406184 RegCreateKeyExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9} success or wait 1 406184 RegCreateKeyExW

File Read

Key Created

Key Value Created


Key Path Name Type Data Completion Count Source Address Symbol

HKEY_CURRENT_USER\Software\37acac95-e961-5909-9d05-c98f2db949a9

InstallLocation unicode C:\Users\user\AppData\Local\Programs\Guilded

success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\37acac95-e961-5909-9d05-c98f2db949a9

KeepShortcuts unicode true success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\37acac95-e961-5909-9d05-c98f2db949a9

ShortcutName unicode Guilded success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9}

DisplayName unicode Guilded 1.0.937369-release success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9}

UninstallString unicode "C:\Users\user\AppData\Local\Programs\Guilded\Uninstall Guilded.exe" /currentuser

success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9}

QuietUninstallString unicode "C:\Users\user\AppData\Local\Programs\Guilded\Uninstall Guilded.exe" /currentuser /S

success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9}

DisplayVersion unicode 1.0.937369-release success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9}

DisplayIcon unicode C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe,0

success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9}

Publisher unicode Guilded, Inc. success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9}

NoModify dword 1 success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9}

NoRepair dword 1 success or wait 1 402475 RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37acac95-e961-5909-9d05-c98f2db949a9}

EstimatedSize dword 171906 success or wait 1 402475 RegSetValueExW

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager

PendingFileRenameOperations

unicode array \??\C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsProcess.dll

success or wait 1 406090 MoveFileExW

Key Path Name Type Old Data New Data Completion Count Source Address Symbol

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager PendingFileRenameOperations unicode array \??\C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsProcess.dll \??\C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\nsProcess.dll\??\C:\Users\user\AppData\Local\Temp\nsr94AE.tmp\ success or wait 1 406090 MoveFileExW

File Activities

Start time: 16:14:37

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe'

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Key Value Modified

Analysis Process: Guilded.exe PID: 3212 Parent PID: 3040

General

File Created

File Path Access Attributes Options Completion Count Source Address Symbol

C:\Users\user\AppData\Roaming\Guilded read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\lockfile read attributes | delete | synchronize | generic write

normal synchronous io non alert | non directory file | delete on close

success or wait 1 144569A95 CreateFileW

C:\ read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

access denied 1 144C8B2F0 CreateDirectoryW

C:\Users read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\log.log append data or add subdirectory or create pipe instance | write ea | read attributes | write attributes | read control | synchronize

normal synchronous io non alert | open for backup ident

success or wait 1 143F4F22C CreateFileW

C:\Users\user\AppData\Local\Temp\net-export read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Code Cache read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index-dir read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index-dir\temp-index

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_2 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_3 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\blob_storage read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\blob_storage\c455ab28-c9b0-49d6-aa1a-8ff0d00888bc

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\.updaterId write data or add file | append data or add subdirectory or create pipe instance | write ea | read attributes | write attributes | read control | synchronize

normal synchronous io non alert | open for backup ident

success or wait 1 143F4F22C CreateFileW

C:\Users\user\AppData\Roaming\Guilded read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\config.json.354666392 write data or add file | append data or add subdirectory or create pipe instance | write ea | read attributes | write attributes | read control | synchronize

normal synchronous io non alert | open for backup ident

success or wait 1 143F4F22C CreateFileW

C:\Users\user\AppData\Roaming\Guilded read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\config.json.1113071708 write data or add file | append data or add subdirectory or create pipe instance | write ea | read attributes | write attributes | read control | synchronize

normal synchronous io non alert | open for backup ident

success or wait 1 143F4F22C CreateFileW

C:\Users\user\AppData\Roaming\Guilded\c3cd7f25-7d6a-400a-9323-0d49a9c2d98b.tmp

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Local\Temp\Guilded Crashes read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 143E7C131 CreateDirectoryW

C:\Users\user\AppData\Local\Temp\Guilded Crashes\reports read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 143E7C131 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Cookies read attributes | synchronize | generic read | generic write

normal synchronous io non alert | non directory file

success or wait 1 1435DAB1A CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal read attributes | synchronize | generic read | generic write

normal synchronous io non alert | non directory file

success or wait 1 1435DAB1A CreateFileW

C:\Users\user\AppData\Local\Temp\0b929176-d411-491f-9c94-db4616bbe576.tmp

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Cache\index read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_2 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_3 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Local\Temp\scoped_dir3212_1756100129 read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3FBB5 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\sentry read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\sentry\scope.json write data or add file | append data or add subdirectory or create pipe instance | write ea | read attributes | write attributes | read control | synchronize

normal synchronous io non alert | open for backup ident

success or wait 1 143F4F22C CreateFileW

C:\Users\user\AppData\Roaming\Guilded\sentry read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 35 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\config.json.4121433941 write data or add file | append data or add subdirectory or create pipe instance | write ea | read attributes | write attributes | read control | synchronize

normal synchronous io non alert | open for backup ident

success or wait 1 143F4F22C CreateFileW

C:\Users\user\AppData\Roaming\Guilded read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 144C8B2F0 CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\config.json.490875430 write data or add file | append data or add subdirectory or create pipe instance | write ea | read attributes | write attributes | read control | synchronize

normal synchronous io non alert | open for backup ident

success or wait 1 143F4F22C CreateFileW

C:\Users\user\AppData\Roaming\Guilded\87e97a23-f930-40df-add1-e4c70de25a24.tmp

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000001 read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 2 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000002 read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000003 read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000004 read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000005 read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000006 read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000007 read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000008 read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000009 read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOG read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 2 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOCK read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 2 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\MANIFEST-000001

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000001.dbtmp read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000003.log read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOG read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 2 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOCK read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 3 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\MANIFEST-000001

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000001.dbtmp

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000003.log

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\abbd23ed-3189-45f4-a3aa-f4a1fc07f303.tmp

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\QuotaManager read attributes | synchronize | generic read | generic write

normal synchronous io non alert | non directory file

success or wait 1 1435DAB1A CreateFileW

C:\Users\user\AppData\Roaming\Guilded\QuotaManager-journal read attributes | synchronize | generic read | generic write

normal synchronous io non alert | non directory file

success or wait 1 1435DAB1A CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\LOG

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\LOCK

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\MANIFEST-000001

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\index read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\000001.dbtmp

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_2 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_3 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_2 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\databases read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db read attributes | synchronize | generic read | generic write

normal synchronous io non alert | non directory file

success or wait 1 1435DAB1A CreateFileW

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db-journal read attributes | synchronize | generic read | generic write

normal synchronous io non alert | non directory file

success or wait 1 1435DAB1A CreateFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_3 read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\000003.log

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild

read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\LOG

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\LOCK

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\MANIFEST-000001

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\000001.dbtmp

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\000003.log

read attributes | synchronize | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\c7d43d944bc0a617_0

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\53de1fe0-20c5-418d-9c46-b90cd3d2af43.tmp

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\6b517e9b-eec6-4836-9329-79d239c254fd.tmp

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

C:\Users\user\AppData\Roaming\Guilded\e32ddde7-d6f5-4dd3-a818-e1186261edb2.tmp

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

File Path Completion Count Source Address Symbol

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_2 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\data_3 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000001 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000002 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000003 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000004 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000005 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000006 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000007 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000008 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000009 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Cache\index success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_2 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_3 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000003.log success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\CURRENT success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOG success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\MANIFEST-000001 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOCK success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000003.log success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\CURRENT success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOG success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\MANIFEST-000001 success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOCK success or wait 1 141C3D790 DeleteFileW

C:\Users\user\AppData\Local\Programs\Guilded\installer_user_data.dat success or wait 1 143F4F7E2 NtSetInformationFile

Old File Path New File Path Completion Count Source Address Symbol

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index-dir\temp-index

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index-dir\the-real-index.

success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\config.json.354666392

C:\Users\user\AppData\Roaming\Guilded\config.json success or wait 1 143F51173 MoveFileExW

C:\Users\user\AppData\Roaming\Guilded\config.json.1113071708

C:\Users\user\AppData\Roaming\Guilded\config.json success or wait 1 143F51173 MoveFileExW

C:\Users\user\AppData\Roaming\Guilded\c3cd7f25-7d6a-400a-9323-0d49a9c2d98b.tmp

C:\Users\user\AppData\Roaming\Guilded\Network Persistent State

success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Local\Temp\0b929176-d411-491f-9c94-db4616bbe576.tmp

C:\Users\user\AppData\Local\Temp\0b929176-d411-491f-9c94-db4616bbe576.tmp.ico

success or wait 1 141C3B587 MoveFileExW

File Deleted

File Moved

C:\Users\user\AppData\Roaming\Guilded\config.json.4121433941

C:\Users\user\AppData\Roaming\Guilded\config.json J success or wait 1 143F51173 MoveFileExW

C:\Users\user\AppData\Roaming\Guilded\config.json.490875430

C:\Users\user\AppData\Roaming\Guilded\config.json success or wait 1 143F51173 MoveFileExW

C:\Users\user\AppData\Roaming\Guilded\87e97a23-f930-40df-add1-e4c70de25a24.tmp

C:\Users\user\AppData\Roaming\Guilded\Network Persistent Stateo

object name collision 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000001.dbtmp

C:\Users\user\AppData\Roaming\Guilded\Session Storage\CURRENT.

success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000001.dbtmp

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\CURRENT

success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\abbd23ed-3189-45f4-a3aa-f4a1fc07f303.tmp

C:\Users\user\AppData\Roaming\Guilded\Network Persistent StateE

object name collision 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\000001.dbtmp

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\CURRENT

success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild

C:\Users\user\AppData\Roaming\Guilded\Session Storage success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOG C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOG.old

success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\000001.dbtmp

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\CURRENT

success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb

success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOG

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOG.old

success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\53de1fe0-20c5-418d-9c46-b90cd3d2af43.tmp

C:\Users\user\AppData\Roaming\Guilded\Network Persistent State

object name collision 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\6b517e9b-eec6-4836-9329-79d239c254fd.tmp

C:\Users\user\AppData\Roaming\Guilded\Preferences success or wait 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index-dir\temp-index

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index-dir\the-real-index

object name collision 1 141C3DB73 MoveFileW

C:\Users\user\AppData\Roaming\Guilded\e32ddde7-d6f5-4dd3-a818-e1186261edb2.tmp

C:\Users\user\AppData\Roaming\Guilded\Network Persistent State

object name collision 1 141C3DB73 MoveFileW

Old File Path New File Path Completion Count Source Address Symbol

File Path Offset Length Value Ascii Completion Count Source Address Symbol

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index 0 24 30 5c 72 a7 1b 6d fb fc 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0\r..m.................. success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\index-dir\temp-index

0 48 28 00 00 00 b8 f9 34 e0 6f 79 20 72 65 74 6e 65 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 1e 2a 11 5f 32 f4 2e 00

(.....4.oy retne.........................*._2...

success or wait 2 141C417C3 WriteFile

File Written


C:\Users\user\AppData\Roaming\Guilded\GPUCache\index 0 368 c3 ca 03 c1 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 ed 22 13 5f 32 f4 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 0 8192 c3 ca 04 c1 00 00 02 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 0 8192 c3 ca 04 c1 00 00 02 00 01 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_2 0 8192 c3 ca 04 c1 00 00 02 00 02 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_3 0 8192 c3 ca 04 c1 00 00 02 00 03 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\log.log unknown 54 5b 32 30 31 39 2d 31 30 2d 32 33 20 31 36 3a 31 35 3a 30 37 2e 35 38 37 5d 20 5b 69 6e 66 6f 5d 20 43 68 65 63 6b 69 6e 67 20 66 6f 72 20 75 70 64 61 74 65 0d 0a

[2019-10-23 16:15:07.587] [info] Checking for update..

success or wait 5 143F4F5E5 WriteFile

C:\Users\user\AppData\Roaming\Guilded\.updaterId 0 36 38 32 34 37 63 38 30 62 2d 61 32 38 31 2d 35 62 33 30 2d 38 38 61 31 2d 64 30 34 34 31 38 33 64 63 34 63 61

8247c80b-a281-5b30-88a1-d044183dc4ca

success or wait 1 143F4F5E5 WriteFile

C:\Users\user\AppData\Roaming\Guilded\config.json.354666392

0 2 7b 7d {} success or wait 1 143F4F5E5 WriteFile

C:\Users\user\AppData\Roaming\Guilded\config.json.1113071708

0 2 7b 7d {} success or wait 1 143F4F5E5 WriteFile

C:\Users\user\AppData\Roaming\Guilded\c3cd7f25-7d6a-400a-9323-0d49a9c2d98b.tmp

0 59 7b 22 6e 65 74 22 3a 7b 22 6e 65 74 77 6f 72 6b 5f 71 75 61 6c 69 74 69 65 73 22 3a 7b 22 43 41 45 53 41 42 69 41 67 49 43 41 2b 50 2f 2f 2f 2f 38 42 22 3a 22 34 47 22 7d 7d 7d

{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 8192 296 e0 27 14 f0 28 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Local\Temp\Guilded Crashes\settings.dat

unknown 40 73 64 50 43 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 16 45 89 cf 00 af 47 af c6 ca e4 67 a7 0f 74

sdPC......................E....G....g..t

success or wait 1 1445616D9 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 512 00 00 00 00 00 00 00 00 00 00 00 00 97 23 d9 b9 00 00 00 00 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 12 d9 d5 05 f9 20 a1 63 d7 00 00 00 00

.... .c..... success or wait 1 1435E5231 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cookies 0 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 2e 34 20 0d 0f f8 00 02 0f 67 00 0f 67 0f cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

SQLite format 3......@ ..........................................................................4 ......g..g.................................................................................................................................................

success or wait 3 1435E5231 WriteFile

C:\Users\user\AppData\Local\Temp\0b929176-d411-491f-9c94-db4616bbe576.tmp.ico

unknown 29165 00 00 01 00 04 00 10 10 00 00 01 00 20 00 68 04 00 00 46 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 ae 04 00 00 30 30 00 00 01 00 20 00 a8 25 00 00 56 15 00 00 00 00 00 00 01 00 20 00 ef 36 00 00 fe 3a 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 62 00 00 2e 3e 05 00 2d 3d 05 00 4a 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 76 00 00 37 4a 04 00 8f c2 39 00 aa e6 97 00 ac e6 98 00 93 c3 3b 00 3d 50 04 00 5c 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 93 ca 00 00


success or wait 1 141C418DE WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 512 00 00 00 00 00 00 00 00 00 00 00 00 04 0b 46 5c 00 00 00 03 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 512 4 00 00 00 01 .... success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 516 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 2e 34 20 0d 0f f8 00 02 0f 67 00 0f 67 0f cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

SQLite format 3......@ ..........................................................................4 ......g..g.................................................................................................................................................

success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 4612 4 04 0b 46 5c ..F\ success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 12 d9 d5 05 f9 20 a1 63 d7 00 00 00 01

.... .c..... success or wait 1 1435E5231 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cookies 0 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 02 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 2e 34 20 0d 0f f8 00 04 0d 49 00 0f 67 0f cf 0d 49 0f 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

SQLite format 3......@ ..........................................................................4 ......I..g...I.8...........................................................................................................................................

success or wait 3 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\index 0 368 c3 ca 03 c1 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 ea a7 ca 60 32 f4 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 0 8192 c3 ca 04 c1 00 00 02 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 0 8192 c3 ca 04 c1 00 00 02 00 01 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cache\data_2 0 8192 c3 ca 04 c1 00 00 02 00 02 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_3 0 8192 c3 ca 04 c1 00 00 02 00 03 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 8704 256 03 45 9b 63 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 46 44 cb 60 32 f4 2e 00 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa 9f 65 2a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

.E.c....................FD.`2.

..............................

..............................

....e*https://www.guilded.gg/........................................................................................................................................

success or wait 31 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8192 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 01 a0 01 00 00 00 82 bb 2b da

..................................+. success or wait 31 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8192 36 29 61 cb 60 32 f4 2e 00 29 61 cb 60 32 f4 2e 00 00 00 00 90 00 00 00 90 02 00 01 a0 01 00 00 00 ce 74 f7 8a

)a.`2...)a.`2....................t.. success or wait 31 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 8704 256 03 45 9b 63 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 46 44 cb 60 32 f4 2e 00 17 00 00 00 00 00 00 00 8c 19 00 00 3c 08 00 00 00 00 00 00 00 00 00 00 00 00 03 c1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 11 20 06 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

.E.c....................FD.`2.

..............<...............

..................................

.https://www.guilded.gg/.


success or wait 57 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cache\data_3 8192 6540 88 19 00 00 03 65 47 02 c0 ca d6 60 32 f4 2e 00 ff 66 dd 60 32 f4 2e 00 32 02 00 00 48 54 54 50 2f 31 2e 31 20 32 30 30 00 73 74 61 74 75 73 3a 32 30 30 00 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 74 65 78 74 2f 68 74 6d 6c 00 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 32 31 30 38 00 78 2d 61 6d 7a 2d 69 64 2d 32 3a 72 57 4a 56 48 32 47 39 51 4e 37 45 30 78 6a 49 63 75 42 5a 52 64 42 75 37 75 63 33 73 50 2f 30 48 6d 71 79 43 68 58 2f 4d 36 4e 2b 47 33 45 75 74 6c 57 30 55 36 36 2b 31 56 6e 74 61 6e 58 41 52 64 30 4b 46 7a 36 39 7a 57 4d 3d 00 78 2d 61 6d 7a 2d 72 65 71 75 65 73 74 2d 69 64 3a 33 41 42 30 30 31 45 36 36 39 35 36 38 37 30 35 00 64 61 74 65 3a 57 65 64 2c 20 32 33 20 4f 63 74 20 32 30 31 39 20 31 34 3a 31 35 3a 31 37 20 47 4d 54 00 63 61 63

.....eG....`2....f.`2...2...HTTP/1.1 200.status:200.content-type:text/html.content-length:2108.x-amz-id-2:rWJVH2G9QN7E0xjIcuBZRdBu7uc3sP/0HmqyChX/M6N+G3EutlW0U66+1VntanXARd0KFz69zWM=.x-amz-request-id:3AB001E669568705.date:Wed, 23 Oct 2019 14:15:17 GMT.cac

success or wait 10 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_2 8192 2108 1f 8b 08 00 00 00 00 00 02 03 d5 5a ff 6f db b8 15 ff bd 7f 05 4f c1 96 16 93 2c 5b 89 9d c4 b1 b3 bb a6 4d d6 61 5b 82 a6 b8 6e 18 86 1e 25 51 32 2f 12 a9 91 b4 65 77 d8 ff be 47 ca 4e 24 59 4e 94 28 45 6f 06 9c 98 e4 e3 e7 7d d1 87 e4 e3 b3 27 3f bc bb 3a ff f4 8f eb f7 68 a6 d2 e4 ec d5 44 ff 43 cb 34 61 72 1c f9 53 6b a6 54 26 c7 ae cb e3 ac 97 12 97 49 37 f2 f7 2c 94 60 16 4f 2d c2 ac b3 57 08 5e 93 19 c1 61 f1 d1 34 15 55 09 39 bb 9c d3 24 24 e1 c4 2d 9a f7 c3 29 51 18 d1 70 6a 2d 28 c9 33 2e 94 85 18 4e 49 b9 1d cc b0 90 44 4d ad b9 8a 9c 63 68 73 a6 08 83 76 4e 43 35 9b 86 64 41 03 e2 98 86 8d e6 92 08 47 06 38 c1 7e 42 a6 8c db 88 32 aa 28 4e 4c 27 99 0e 6c 94 42 4f 3a 4f 4b 1d 78 59 ed 50 58 c4 44 39 21 61 92 aa 55 98 d1 8d 12 f8 68 d5 8d 2f cc

...........Z.o.......O....,[..

.....M.a[...n...%Q2/....ew...G.N$YN.(Eo......}.....'?..:.....h.....D.C.4ar..Sk.T&........I7..,.`.O-...W.^...a..4.U.9...$$..-...)Q..pj-(.3....NI.....DM....chs...vNC5..dA........G.8.~B....2.(NL'..l.BO:OK.xY.PX.D9!a..U.....h../.

success or wait 14 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8192 36 09 a1 29 61 32 f4 2e 00 09 a1 29 61 32 f4 2e 00 00 00 00 90 00 00 00 90 02 00 01 a0 00 00 00 00 b1 d7 8d ad

..)a2.....)a2....................... success or wait 29 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\sentry\scope.json 0 416 7b 22 6e 6f 74 69 66 79 69 6e 67 4c 69 73 74 65 6e 65 72 73 22 3a 74 72 75 65 2c 22 73 63 6f 70 65 4c 69 73 74 65 6e 65 72 73 22 3a 5b 5d 2c 22 65 76 65 6e 74 50 72 6f 63 65 73 73 6f 72 73 22 3a 5b 5d 2c 22 62 72 65 61 64 63 72 75 6d 62 73 22 3a 5b 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 35 37 31 38 37 32 35 33 37 2e 37 33 33 2c 22 63 61 74 65 67 6f 72 79 22 3a 22 65 6c 65 63 74 72 6f 6e 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 61 70 70 2e 77 65 62 2d 63 6f 6e 74 65 6e 74 73 2d 63 72 65 61 74 65 64 22 2c 22 74 79 70 65 22 3a 22 75 69 22 7d 2c 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 35 37 31 38 37 32 35 33 37 2e 38 31 31 2c 22 63 61 74 65 67 6f 72 79 22 3a 22 65 6c 65 63 74 72 6f 6e 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 61 70 70 2e 62 72 6f 77 73 65 72

{"notifyingListeners":true,"scopeListeners":[],"eventProcessors":[],"breadcrumbs":[{"timestamp":1571872537.733,"category":"electron","message":"app.web-contents-created","type":"ui"},{"timestamp":1571872537.811,"category":"electron","message":"app.browser

success or wait 1 143F4F5E5 WriteFile

C:\Users\user\AppData\Roaming\Guilded\sentry\scope.json 0 516 7b 22 6e 6f 74 69 66 79 69 6e 67 4c 69 73 74 65 6e 65 72 73 22 3a 74 72 75 65 2c 22 73 63 6f 70 65 4c 69 73 74 65 6e 65 72 73 22 3a 5b 5d 2c 22 65 76 65 6e 74 50 72 6f 63 65 73 73 6f 72 73 22 3a 5b 5d 2c 22 62 72 65 61 64 63 72 75 6d 62 73 22 3a 5b 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 35 37 31 38 37 32 35 33 37 2e 37 33 33 2c 22 63 61 74 65 67 6f 72 79 22 3a 22 65 6c 65 63 74 72 6f 6e 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 61 70 70 2e 77 65 62 2d 63 6f 6e 74 65 6e 74 73 2d 63 72 65 61 74 65 64 22 2c 22 74 79 70 65 22 3a 22 75 69 22 7d 2c 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 35 37 31 38 37 32 35 33 37 2e 38 31 31 2c 22 63 61 74 65 67 6f 72 79 22 3a 22 65 6c 65 63 74 72 6f 6e 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 61 70 70 2e 62 72 6f 77 73 65 72

{"notifyingListeners":true,"scopeListeners":[],"eventProcessors":[],"breadcrumbs":[{"timestamp":1571872537.733,"category":"electron","message":"app.web-contents-created","type":"ui"},{"timestamp":1571872537.811,"category":"electron","message":"app.browser

success or wait 39 143F4F5E5 WriteFile

File Path Offset Length Value Ascii Completion Count Source Address Symbol

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 512 00 00 00 00 00 00 00 00 00 00 00 00 8e e0 5f 6a 00 00 00 05 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

success or wait 2 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 512 4 00 00 00 05 .... success or wait 3 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 516 4096 0a 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

success or wait 3 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 4612 4 8e e0 5f 6a .._j success or wait 3 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 4616 4 00 00 00 04 .... success or wait 2 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 4620 4096 0d 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

success or wait 2 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 8716 4 8e e0 5f 6a .._j success or wait 2 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 8720 4 00 00 00 01 .... success or wait 12 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 8724 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 02 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 2e 34 20 0d 0f f8 00 04 0d 49 00 0f 67 0f cf 0d 49 0f 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

SQLite format 3......@ ..........................................................................4 ......I..g...I.8...........................................................................................................................................

success or wait 12 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 12820 4 8e e0 60 2a ..`* success or wait 12 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 12 d9 d5 05 f9 20 a1 63 d7 00 00 00 03

.... .c..... success or wait 12 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 0 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 03 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 2e 34 20 0d 0f f8 00 04 0d 49 00 0f 67 0f cf 0d 49 0f 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

SQLite format 3......@ ..........................................................................4 ......I..g...I.8...........................................................................................................................................

success or wait 36 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\config.json.4121433941

0 78 7b 0a 09 22 77 69 6e 64 6f 77 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 3a 20 7b 0a 09 09 22 77 69 6e 64 6f 77 53 74 61 74 65 22 3a 20 7b 0a 09 09 09 22 78 22 3a 20 30 2c 0a 09 09 09 22 79 22 3a 20 31 30 38 0a 09 09 7d 0a 09 7d 0a 7d

{.."windowConfiguration": {..."windowState": {...."x": 0,...."y": 108...}..}.}

success or wait 1 143F4F5E5 WriteFile

C:\Users\user\AppData\Roaming\Guilded\config.json.490875430

0 78 7b 0a 09 22 77 69 6e 64 6f 77 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 22 3a 20 7b 0a 09 09 22 77 69 6e 64 6f 77 53 74 61 74 65 22 3a 20 7b 0a 09 09 09 22 78 22 3a 20 30 2c 0a 09 09 09 22 79 22 3a 20 31 30 38 0a 09 09 7d 0a 09 7d 0a 7d

{.."windowConfiguration": {..."windowState": {...."x": 0,...."y": 108...}..}.}

success or wait 1 143F4F5E5 WriteFile

C:\Users\user\AppData\Roaming\Guilded\87e97a23-f930-40df-add1-e4c70de25a24.tmp

0 210 7b 22 6e 65 74 22 3a 7b 22 68 74 74 70 5f 73 65 72 76 65 72 5f 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 73 65 72 76 65 72 73 22 3a 5b 7b 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 22 3a 7b 22 73 75 70 70 6f 72 74 73 5f 73 70 64 79 22 3a 74 72 75 65 7d 7d 2c 7b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 67 75 69 6c 64 65 64 2e 67 67 22 3a 7b 22 73 75 70 70 6f 72 74 73 5f 73 70 64 79 22 3a 74 72 75 65 7d 7d 5d 2c 22 76 65 72 73 69 6f 6e 22 3a 35 7d 2c 22 6e 65 74 77 6f 72 6b 5f 71 75 61 6c 69 74 69 65 73 22 3a 7b 22 43 41 45 53 41 42 69 41 67 49 43 41 2b 50 2f 2f 2f 2f 38 42 22 3a 22 34 47 22 7d 7d 7d

{"net":{"http_server_properties":{"servers":[{"https://www.guilded.gg":{"supports_spdy":true}},{"https://api.guilded.gg":{"supports_spdy":true}}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8192 36 09 a1 29 61 32 f4 2e 00 09 a1 29 61 32 f4 2e 00 00 00 00 90 01 00 00 90 02 00 01 a0 00 00 00 00 8b ce 7a 2e

..)a2.....)a2.....................z. success or wait 29 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8228 36 31 01 70 65 32 f4 2e 00 31 01 70 65 32 f4 2e 00 00 00 00 90 03 00 00 90 03 00 01 a0 01 00 00 00 4f b0 e5 cb

1.pe2...1.pe2...................O...

success or wait 124 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8300 36 54 51 70 65 32 f4 2e 00 54 51 70 65 32 f4 2e 00 01 00 00 90 04 00 00 90 05 00 01 a0 01 00 00 00 5a 47 1f 1b

TQpe2...TQpe2...................ZG..

success or wait 124 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8264 36 31 29 70 65 32 f4 2e 00 31 29 70 65 32 f4 2e 00 00 00 00 00 00 00 00 00 04 00 01 a0 01 00 00 00 4a 65 98 05

1)pe2...1)pe2...................Je..

success or wait 124 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8516 36 a3 f1 71 65 32 f4 2e 00 a3 f1 71 65 32 f4 2e 00 08 00 00 90 02 00 00 90 0b 00 01 a0 01 00 00 00 11 2a c3 1c

..qe2.....qe2....................*.. success or wait 124 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8264 36 1d 72 77 65 32 f4 2e 00 1d 72 77 65 32 f4 2e 00 09 00 00 90 02 00 00 90 04 00 01 a0 01 00 00 00 32 f5 65 ab

.rwe2....rwe2...................2.e.

success or wait 124 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000001 0 64385 77 4f 46 32 00 01 00 00 00 00 fb 81 00 13 00 00 00 02 c0 58 00 00 f9 16 00 01 4d 0e 00 00 f9 80 00 00 02 01 00 00 06 29 00 00 00 00 00 00 00 00 1b 82 ed 56 1c 9b 78 14 86 0d 06 60 16 8b 60 00 93 66 08 4c 09 82 61 11 0c 0a 85 ca 50 85 88 3f 12 81 86 10 01 36 02 24 03 98 24 0b 8c 14 00 04 20 05 95 3e 07 bc 13 0c 82 6f 5b e6 97 92 0a d5 62 6c 66 ff de 43 5f 89 02 0d ca 6e 52 55 c3 c1 66 bc bd cb 13 e8 6d c3 2b f2 6d 7a f4 13 e6 bf 7d 02 bd 7d 27 08 b7 83 d5 8b ed 6f 47 d9 ff ff ff ff ff ff bf 31 f9 32 6c 7e 12 ca 83 00 2d ad b5 87 e7 3c 37 cf e9 f4 fb 09 12 08 8e c0 bc 57 cf 02 45 d5 a4 b1 a4 2a c7 1a 0d 53 f5 8e 4d 98 f7 25 6f a7 99 da ba ab a9 2e fb aa 1f c6 d9 3c 89 b9 71 46 09 0b 5a 3a e6 95 56 a5 b2 50 af 3b fa 0a a4 15 af 96 42 bf 89 b4 dd ed 7d 7b 88

wOF2...............X......M............)...........V..x....`..`..f.L..a.....P..?.....6.$..$..... ..>.....o[.....blf..C_....nRU..f.....m.+.mz....}..}'......oG........1.2l~....-....<7..........W..E....*...S..M..%o............<..qF..Z:..V..P.;......B.....}{.

success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000002 0 22275 1f 8b 08 00 00 00 00 00 02 03 cd bd eb 8e e4 38 92 26 fa ff 3c 45 21 0f b0 5b 85 c9 aa 72 d7 5d 3d e8 3f 3b 67 70 f6 be 83 1e 9c fd d3 48 08 72 39 dd 5d e9 72 51 ad 4b 44 46 f6 16 b0 af b1 af b7 4f 72 48 79 44 b8 c9 28 89 46 d2 3d 72 7b 06 c8 ca 2a d9 67 26 b7 8f 46 d2 cc 44 fe fc 5c d6 7b fe fc db 33 db 35 79 71 fe 8f 1d af 9b 3f cf fc bb ff f1 3f fe fa e5 97 df 9a a1 3b fd fc d7 bf 6e e3 2f 9f ff 1e c5 e9 e6 4f 87 a1 2e fa 92 d7 3f b3 cf f5 e7 fc 97 bf 7f 1a 3a f6 53 d7 b7 65 d1 7f fa c7 fc b7 f6 e7 fa 97 cf f9 6f fb 9f eb cf 9f fe b5 e7 c5 f9 2f 2c 1f 9f ef fe dd cb 3f e5 3d 3b f2 f6 e5 d3 e7 77 90 5f fe de b2 7e 68 eb 9f ca 3f 16 c5 fe c3 7e 4e a0 fb e3 97 7f 7c ca db 9f ca 3f ff c7 7f fd 6f ff f5 b7 26 6f 3b f6 f3 bf fd fb a7 ff 77 28 ab 3d db 7f fa

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000003 0 62745 77 4f 46 32 00 01 00 00 00 00 f5 19 00 13 00 00 00 02 b7 54 00 00 f2 ad 00 01 4d 0e 00 00 f3 18 00 00 02 01 00 00 06 29 00 00 00 00 00 00 00 00 1b 82 eb 48 1c 9b 78 14 86 0d 06 60 16 8b 60 00 93 66 08 52 09 82 61 11 0c 0a 85 ba 30 84 f7 76 12 81 86 10 01 36 02 24 03 98 24 0b 8c 14 00 04 20 05 95 36 07 bc 13 0c 83 1b 5b b9 8e 92 0e fd 4f c6 ee de a6 03 7e 16 2b c2 ca 8c ec 1a d1 cc dd 67 a1 42 5c 2f 72 03 b5 b8 a4 3f 47 99 b7 33 d6 ef e1 8d e7 06 d3 6d be e4 2c c8 6d 03 f8 b0 44 8e b6 31 65 ff ff ff ff ff ff ff ff c2 64 21 6b 36 bb 09 93 cd 03 28 0a 3e a0 56 b1 7a 6d cf 3e 67 0f 44 a0 0c a0 62 88 29 e5 54 32 72 44 14 75 8c a5 a0 69 13 12 17 58 a2 ee e2 6a bd 14 29 5a 07 46 f4 43 dc 6c 77 49 44 75 4f 6d c4 54 9b e8 f6 28 f1 90 70 8c 88 30 8c 35 4e 88 2f e2

wOF2...............T......M............)...........H..x....`..`..f.R..a.....0..v.....6.$..$..... ..6......[.....O.....~.+........g.B\/r....?G..3.......m..,.m...D..1e.........d!k6.....(.>.V.zm.>g.D...b.).T2rD.u...i...X...j..)Z.F.C.lwIDuOm.T...(..p..0.5N./.

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000004 0 64257 77 4f 46 32 00 01 00 00 00 00 fb 01 00 13 00 00 00 02 c2 1c 00 00 f8 93 00 01 4d 0e 00 00 f9 00 00 00 02 01 00 00 06 29 00 00 00 00 00 00 00 00 1b 82 ed 4a 1c 9b 78 14 86 0d 06 60 16 8b 60 00 93 66 08 4a 09 82 61 11 0c 0a 85 ce 30 85 8b 60 12 81 86 10 01 36 02 24 03 98 24 0b 8c 14 00 04 20 05 95 36 07 bc 13 0c 82 65 5b 67 99 b2 01 8a c9 fd fd b6 0d 36 09 04 51 b1 9b 54 ab 60 dc 7e 1e a6 72 02 dd b6 75 0d cc 6c 1e 89 8b 6e 62 3e 7a f1 04 73 73 ae 42 e0 77 db 80 81 fc 6c ce 56 a4 ec ff ff ff ff ff ff ff ff f7 25 13 b1 a9 74 76 4e b2 1d 93 50 08 df 5b 08 85 3e db 3a a1 18 95 bb b8 a4 64 2e d9 25 95 36 65 66 a3 b0 d2 27 a9 a3 e4 9c 5d 2a bd 67 72 99 aa 92 c4 01 25 c9 db 4c f7 73 55 64 58 2c 93 27 b5 92 75 4a ab 4d af 5d 7c 03 b6 b6 eb d5 5e ec 0d 1e 12 ea 8e

wOF2......................M............)...........J..x....`..`..f.J..a.....0..`.....6.$..$..... ..6.....e[g.........6..Q..T.`.~..r...u..l...nb>z..ss.B.w....l.V...........%...tvN...P..[..>.:......d..%.6ef...'....]*.gr.....%..L.sUdX,.'..uJ.M.]|.....^......

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000005 0 67262 77 4f 46 32 00 01 00 00 00 01 06 be 00 13 00 00 00 02 d7 d0 00 01 04 52 00 01 4d 0e 00 01 04 bc 00 00 02 02 00 00 06 29 00 00 00 00 00 00 00 00 1b 83 85 66 1c 9b 78 14 86 0d 06 60 16 8b 60 00 93 66 08 4c 09 82 61 11 0c 0a 85 e1 10 85 94 43 12 81 86 10 01 36 02 24 03 98 24 0b 8c 14 00 04 20 05 95 58 07 bc 13 0c 82 7d 5b 22 aa b2 01 fe 3b d9 7f b7 7f 76 96 51 0a 56 44 e9 b9 6d 6b 38 a4 a8 aa cc 05 a6 9b 2e 16 7f 7d 5b e4 df 33 9b 17 9f 60 db b6 a0 e6 dd ad 54 05 14 0f ff ec ff ff ff ff ff ff ff ff 17 2d 93 21 b3 24 c0 5f 12 80 d2 b6 b5 5a a7 53 e7 dc ff f6 ff 1c 20 35 33 c9 55 29 83 8a ab 50 9b 15 27 14 b0 c1 58 ef 54 3a b5 4a 75 cc 93 4f b3 f3 71 91 c6 06 11 e9 34 11 2d cf 03 6f 4e 46 c6 6c a5 43 17 54 b7 09 ac bb 8b 80 08 b0 23 9b 1a 3f d1 58 a7 89 8c 66

wOF2...................R..M............)...........f..x....`..`..f.L..a........C.....6.$..$..... ..X.....}["....;....v.Q.VD..mk8..........}[..3...`......T..............-.!.$._.....Z.S...... 53.U)...P..'...X.T:.Ju..O..q.....4.-..oNF.l.C.T........#..?.X...f

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000006 0 67454 77 4f 46 32 00 01 00 00 00 01 07 7e 00 13 00 00 00 02 d4 c0 00 01 05 0f 00 01 4d 0e 00 01 05 7c 00 00 02 02 00 00 06 29 00 00 00 00 00 00 00 00 1b 83 85 40 1c 9b 78 14 86 0d 06 60 16 8b 60 00 93 66 08 4a 09 82 61 11 0c 0a 85 db 3c 85 8e 41 12 81 86 10 01 36 02 24 03 98 24 0b 8c 14 00 04 20 05 95 50 07 bc 13 0c 82 73 5b e6 a6 92 0e c5 e4 fe 7e bf 91 86 22 64 55 7c 5b 55 0d 03 6c 34 37 d0 6d db 05 a5 2c 9d b7 cd 53 05 d2 8a d6 05 b6 2d 83 a9 5f 6f 56 01 d9 fb b9 7d af ec ff ff ff ff ff ff ff 5f b8 2c c2 36 77 e7 92 ce ee 3d 79 30 04 10 0c e1 8b 68 8b b6 d6 56 08 cc 3d a2 64 9e 73 2a 4d 5b 4a 11 93 ae 8f 12 57 c5 9e 62 61 df cb e0 12 99 6d dd 4b 1c 0d 6d a4 c8 76 a3 77 2b 30 78 71 f5 44 45 3e 73 7f d0 e6 2f 36 ea c6 a6 e3 2c 27 39 5f 20 3b 34 37 fd a0 77 cf

wOF2.......~..............M....|.......)...........@..x....`..`..f.J..a.....<..A.....6.$..$..... ..P.....s[.......~..."dU|[U..l47.m...,...S......-.._oV....}........._.,.6w....=y0.....h...V..=.d.s*M[J.....W..ba.....m.K..m..v.w+0xq.DE>s.../6....,'9_ ;47..w.

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000007 0 66218 77 4f 46 32 00 01 00 00 00 01 02 aa 00 13 00 00 00 02 d2 5c 00 01 00 3d 00 01 4d 0e 00 01 00 a8 00 00 02 02 00 00 06 29 00 00 00 00 00 00 00 00 1b 83 85 72 1c 9b 78 14 86 0d 06 60 16 8b 60 00 93 66 08 52 09 82 61 11 0c 0a 85 d5 74 85 88 32 12 81 86 10 01 36 02 24 03 98 24 0b 8c 14 00 04 20 05 95 50 07 bc 13 0c 83 1b 5b 39 a4 b2 00 8a c9 d8 df 6f 2f ba 89 43 8a 34 23 29 dd 86 00 58 ce 96 69 56 3f e4 82 b8 6d 17 4c 2b bd d9 cb e3 0b 77 da b1 07 70 67 b7 02 90 bb 40 d8 2a e5 ef 43 3c fb ff ff ff ff ff ff ff 7f 5b b2 90 35 db d9 24 b3 09 89 08 02 62 11 2a fe fd af 3d a1 62 31 4a d4 4c 08 49 aa 94 92 30 4b 31 d9 d4 db aa a9 a0 48 4b 13 32 db ae 95 54 54 76 fd a0 f5 fb 5a 19 0f f9 20 49 5e 20 4e 72 6c 36 90 6a 99 15 5b 7a 21 be 8e 70 c2 55 3d ef 84 d2 9a 8c 07

wOF2...............\...=..M............)...........r..x....`..`..f.R..a.....t..2.....6.$..$..... ..P......[9.......o/..C.4#)...X..iV?...m.L+.....w...pg....@.*..C<.........[..5..$.....b.*...=.b1J.L.I...0K1......HK.2...TTv....Z... I^ Nrl6.j..[z!..p.U=......

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000008 0 152767 1f 8b 08 00 00 00 00 00 02 03 ec bd 8b 76 db 38 b2 28 fa 2b b2 7a c6 5b 3c 03 69 eb e5 97 34 9a 4c 62 27 69 f7 e4 35 71 92 ee 1e 9f ac 2c 4a 82 2c 26 12 a9 26 29 3f 22 6b ad fb 0f f7 0f ef 97 dc aa 02 40 02 7c 89 56 9c 9e f4 4c f6 ec b8 45 12 28 14 80 42 bd 50 28 d4 ae 1c 77 ec 5d 35 ae f8 70 61 8f 3e fd 14 78 ee 62 90 f1 ee f6 f6 fc bd d5 58 2c 83 69 ed fc 7c af cd 3a 2d d6 69 bf 67 ab 56 ab bb df 9b 2c dd 51 e8 78 6e 8d b3 90 b9 d6 aa ba 0c 78 25 08 7d 67 14 56 fb 97 b6 5f b1 99 cf bc 81 5b 6b ed 59 cc 19 b8 0d b7 e6 59 2c c0 17 16 9b d1 73 60 b1 11 3c 77 2c b6 a0 e7 91 c5 c6 f0 dc b5 d8 92 9e c7 16 9b c2 f3 be c5 e6 f4 3c b5 d8 04 9e 0f 2c 76 41 cf 13 8b dd c0 73 db 62 43 7a be b1 d8 25 c2 3b 82 1a d7 d8 10 7c 39 a6 2f d7 16 bb 82 17 80 c9 4b 7a be b2

.............v.8.(.+.z.[<.i...4.Lb'i..5q.....,J.,&..&)?"k..........@.|.V...L...E.(..B.P(...w.]5..pa.>..x.b........X,.i..|..:-.i.g.V....,.Q.xn........x%.}g.V..._.....[k.Y......Y,.....s`..<w,.....................<.....,vA.....s.bCz...%.;.....|9./.......Kz..

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 8960 256 e6 38 d6 25 00 00 00 00 01 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 41 e9 6f 65 32 f4 2e 00 29 00 00 00 00 00 00 00 94 19 00 00 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5a c9 77 a5 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 2f 62 63 63 63 62 63 39 32 2f 62 75 6e 64 6c 65 2e 6a 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

.8.%....................A.oe2.

..)...........................

..............................

..Z.w.https://www.guilded.gg/bcccbc92/bundle.js......................................................................................................................

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000009 0 1245184 1f 8b 08 00 00 00 00 00 02 03 d4 7d 89 76 db 46 b2 e8 af 50 b8 39 0a 70 09 d1 a4 b7 24 a0 61 8e 17 d9 91 63 5b 8e 2c 27 4e 64 3d 5d 88 6c 49 88 29 40 01 9a b2 15 91 f3 ed af aa 7a 07 1a b4 9c 99 79 cb 9c 8c 45 34 1a bd 56 57 d7 5e 1b 27 8b 62 ca f3 b2 08 59 74 ad 7e f7 78 c8 e1 a9 ac c2 cb ac ea 15 71 19 67 29 3f 18 1e c6 39 fc 19 1d c6 75 3a 8c e7 e9 c1 e1 b8 7e 90 0d e6 ac 38 e5 67 e3 ba df 8f ca 34 3b a8 0f e3 ea a0 3c dc dc 9c 0f 2e 16 f5 59 88 0f f0 69 44 a5 e9 70 8c ad 16 bd 1c fe 8b 76 8f ff 60 53 3e b8 a8 4a 5e f2 ab 0b 36 38 cb ea dd 4f c5 9b aa bc 60 15 bf 1a 4c b3 f9 3c cc e3 22 da dc 0c d9 41 71 98 e6 f0 4f 44 2d 4c 37 37 a7 30 c6 f1 5c 75 1f cd 07 f5 59 7e c2 c3 28 8c 56 34 ea f4 7a 15 57 e9 f5 fd 1f 92 e1 6a ac 67 56 e2 cc f2 93 b0 38 e0 87

...........}.v.F...P.9.p....$.a....c[.,'Nd=].lI.)@.........z.....y...E4..VW.^.'.b....Yt.~.x.........q.g)?...9....u:......~....8.g.....4;.....<.......Y...iD..p.......v..`S>..J^...68...O....`...L..<.."....Aq...OD-L77.0..\u....Y~..(.V4..z.W......j.gV.....8..

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000009 1245184 32768 c9 e4 e0 60 9a dd 34 1d 2f 8d 9a b8 85 62 9b b2 6e 91 2b 13 cc 5d 8b aa 83 0e 6f 43 5b 0c 96 32 d1 8a 07 a0 e9 94 29 19 e9 56 33 ab 19 a0 be 58 18 55 37 ab 1c 21 27 e6 79 9e 98 7e 59 e6 f5 7d 7b 9a da 18 f6 4a 81 27 be 81 23 e2 a0 bf 3a ef c4 77 0b 1a 64 06 ce 8a 37 6d 6c 59 df f6 88 68 8a b9 06 eb 4b b9 b5 10 73 a2 6a 45 4f 54 35 e1 44 d5 42 7c 34 b7 56 5e b5 5a 2b 4d 4d 69 0d 0f 39 fd 13 d5 8a 67 7d 29 e7 8b df eb 89 aa 86 d6 97 b8 4b 23 4b 49 d3 30 46 71 2f 55 27 e7 60 b2 ff 81 ed ee f5 a1 fb 18 7b 17 f5 c4 89 26 99 3c 1b b9 f2 d4 81 07 3a 4c 09 cb 47 b5 53 c6 70 46 be 9b 0e 1e aa 27 c9 9b d0 d8 f8 03 01 a6 9a 3d 4c e2 71 5b 01 f5 df 94 cd 31 8a 06 ae ec d2 7c a0 b1 4b 72 7d 0f 44 81 ed 83 5a 5b 53 23 df e3 16 45 70 6f ea 87 82 1c dd fa 38 42 63 5e f4

...`..4./....b..n.+..]....oC[.

.2......)..V3....X.U7..!'.y..~Y..}{....J.'..#...:..w..d...7mlY...h....K...s.jEOT5.D.B|4.V^.Z+MMi..9....g})..........K#KI.0Fq/U'.`.........{....&.<......:L..G.S.pF.....'.........=L.q[.....1.....|..Kr}.D...Z[S#...Epo......8Bc^.

pending 1 143FCB0B6 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\f_000009 1277952 623396 d6 0d 44 c9 f3 e8 cc f6 fc 9d c6 cc 1b 03 d5 8a 20 60 56 04 9e 5d 2f ff bd f7 c0 5a d0 fb fb 1e f2 6d e9 aa 54 07 a5 18 27 35 1a 9f c9 43 85 cc 06 a7 f6 ce 19 9c 82 8e ed 86 9b 28 76 3f 63 09 4b 31 11 74 f9 54 b4 d3 cd 21 2c bd 27 0e d3 07 5a 1f 61 d7 b7 e5 a2 ab 45 2d 59 fd bb 6f c9 da 67 1b a8 7d fb ae 4e 6b 99 14 eb 5a 68 09 6a 93 25 28 37 03 95 16 7c f9 f6 16 8d 41 4d 32 06 65 a6 95 59 fd 9e b6 c8 b6 13 8a 14 d1 ed 99 70 28 28 27 48 16 37 a8 00 62 26 6a f1 69 2d 14 d0 ce b3 50 89 da 9a 5a 3d ab e9 5b aa b1 65 39 98 49 44 65 ad f2 f3 6b 41 da 0a 2d 48 cd 7b 66 41 ba 7c 6f bc a6 2e 67 db 2a 5b de cc 82 d4 be 2d 0b d2 fa dd b6 20 0d ee 77 db d1 fa 67 c0 76 b4 7e df da 8e d6 ef 03 db d1 e0 2e 5a 8d d6 ef 1f ab d1 60 bb f6 a2 a8 20 c4 d9 cb 68 71 14 9f e3

..D............. `V..]/....Z..

...m..T...'5...C.............(v?c.K1.t.T...!,.'...Z.a.....E-Y..o..g..}..Nk...Zh.j.%(7...|....AM2.e..Y...........p(('H.7..b&j.i-....P...Z=..[..e9.IDe...kA..-H.{fA.|o...g.*[.....-..... ..w...g.v.~..........Z......`.... ...hq...

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\MANIFEST-000001

unknown 7 95 7c b9 c5 22 00 01 .|..".. success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\MANIFEST-000001

unknown 34 01 1a 6c 65 76 65 6c 64 62 2e 42 79 74 65 77 69 73 65 43 6f 6d 70 61 72 61 74 6f 72 02 00 03 02 04 00

..leveldb.BytewiseComparator......

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000001.dbtmp

unknown 16 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

MANIFEST-000001. success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOG

unknown 77 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 30 37 2e 30 33 32 20 33 61 38 20 52 65 75 73 69 6e 67 20 4d 41 4e 49 46 45 53 54 20 53 65 73 73 69 6f 6e 20 53 74 6f 72 61 67 65 2f 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

2019/10/23-16:17:07.032 3a8 Reusing MANIFEST Session Storage/MANIFEST-000001.

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000003.log

unknown 7 2a 02 ae cb 23 00 01 *...#.. success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000003.log

unknown 35 01 00 00 00 00 00 00 00 02 00 00 00 01 07 76 65 72 73 69 6f 6e 01 31 00 0a 6e 61 6d 65 73 70 61 63 65 2d

..............version.1..namespace-

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000003.log

unknown 7 d2 5c 8e d1 65 00 01 .\..e.. success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000003.log

unknown 101 03 00 00 00 00 00 00 00 02 00 00 00 01 0b 6e 65 78 74 2d 6d 61 70 2d 69 64 01 31 01 46 6e 61 6d 65 73 70 61 63 65 2d 66 35 30 34 39 63 62 34 5f 38 39 66 32 5f 34 65 63 61 5f 39 39 31 63 5f 33 36 31 34 64 66 32 32 38 39 38 62 2d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 2f 01 30

..............next-map-id.1.Fnamespace-f5049cb4_89f2_4eca_991c_3614df22898b-https://www.guilded.gg/.0

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8588 36 26 f2 1c 66 32 f4 2e 00 26 f2 1c 66 32 f4 2e 00 0a 00 00 90 0b 00 00 90 10 00 01 a3 01 00 00 00 46 66 c5 58

&..f2...&..f2...................Ff.X

success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8552 36 27 87 19 66 32 f4 2e 00 27 87 19 66 32 f4 2e 00 01 00 00 90 0a 00 00 90 0c 00 01 a0 01 00 00 00 7f f1 a4 78

'..f2...'..f2......................x success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8588 36 26 f2 1c 66 32 f4 2e 00 26 f2 1c 66 32 f4 2e 00 00 00 00 00 00 00 00 00 10 00 01 a3 01 00 00 00 e7 93 34 c3

&..f2...&..f2.....................4. success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8588 36 26 f2 1c 66 32 f4 2e 00 26 f2 1c 66 32 f4 2e 00 00 00 00 00 00 00 00 00 10 00 01 a3 01 00 00 00 e7 93 34 c3

&..f2...&..f2.....................4. success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 12288 1024 eb ed e1 06 00 00 00 00 0b 00 00 90 00 00 00 00 00 00 00 00 02 00 00 00 e1 2c 1c 66 32 f4 2e 00 dc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1d ae 33 ed 68 74 74 70 73 3a 2f 2f 61 70 69 2e 6d 69 78 70 61 6e 65 6c 2e 63 6f 6d 2f 74 72 61 63 6b 2f 3f 64 61 74 61 3d 65 79 4a 6c 64 6d 56 75 64 43 49 36 49 43 4a 74 63 46 39 77 59 57 64 6c 58 33 5a 70 5a 58 63 69 4c 43 4a 77 63 6d 39 77 5a 58 4a 30 61 57 56 7a 49 6a 6f 67 65 79 49 6b 62 33 4d 69 4f 69 41 69 56 32 6c 75 5a 47 39 33 63 79 49 73 49 69 52 69 63 6d 39 33 63 32 56 79 49 6a 6f 67 49 6b 4e 6f 63 6d 39 74 5a 53 49 73 49 69 52 6a 64 58 4a 79 5a 57 35 30 58 33 56 79 62 43

.........................,.f2.

..............................

..............................

....3.https://api.mixpanel.com/track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRjdXJyZW50X3VybC

success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8588 36 5a 77 1f 66 32 f4 2e 00 5a 77 1f 66 32 f4 2e 00 0b 00 00 90 0b 00 00 90 10 00 01 a3 01 00 00 00 43 3b d0 26

Zw.f2...Zw.f2...................C;.&

success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8588 36 5a 77 1f 66 32 f4 2e 00 5a 77 1f 66 32 f4 2e 00 0b 00 00 90 0b 00 00 90 10 00 01 a3 ff ff ff ff fe 56 1a 47

Zw.f2...Zw.f2....................V.G

success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8588 36 5a 77 1f 66 32 f4 2e 00 5a 77 1f 66 32 f4 2e 00 0b 00 00 90 0b 00 00 90 10 00 01 a3 ff ff ff ff fe 56 1a 47

Zw.f2...Zw.f2....................V.G

success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8588 36 5a 77 1f 66 32 f4 2e 00 5a 77 1f 66 32 f4 2e 00 00 00 00 00 00 00 00 00 10 00 01 a3 01 00 00 00 ee d0 7a 6a

Zw.f2...Zw.f2.....................zj

success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 12288 1024 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8588 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

.................................... success or wait 2 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\MANIFEST-000001

unknown 7 95 7c b9 c5 22 00 01 .|..".. success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\MANIFEST-000001

unknown 34 01 1a 6c 65 76 65 6c 64 62 2e 42 79 74 65 77 69 73 65 43 6f 6d 70 61 72 61 74 6f 72 02 00 03 02 04 00

..leveldb.BytewiseComparator......

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000001.dbtmp

unknown 16 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

MANIFEST-000001. success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOG

unknown 69 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 30 37 2e 36 38 39 20 33 61 38 20 52 65 75 73 69 6e 67 20 4d 41 4e 49 46 45 53 54 20 6c 65 76 65 6c 64 62 2f 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

2019/10/23-16:17:07.689 3a8 Reusing MANIFEST leveldb/MANIFEST-000001.

success or wait 1 141C418DE WriteFile


C:\Users\user\AppData\Roaming\Guilded\abbd23ed-3189-45f4-a3aa-f4a1fc07f303.tmp

0 210 7b 22 6e 65 74 22 3a 7b 22 68 74 74 70 5f 73 65 72 76 65 72 5f 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 73 65 72 76 65 72 73 22 3a 5b 7b 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 22 3a 7b 22 73 75 70 70 6f 72 74 73 5f 73 70 64 79 22 3a 74 72 75 65 7d 7d 2c 7b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 67 75 69 6c 64 65 64 2e 67 67 22 3a 7b 22 73 75 70 70 6f 72 74 73 5f 73 70 64 79 22 3a 74 72 75 65 7d 7d 5d 2c 22 76 65 72 73 69 6f 6e 22 3a 35 7d 2c 22 6e 65 74 77 6f 72 6b 5f 71 75 61 6c 69 74 69 65 73 22 3a 7b 22 43 41 45 53 41 42 69 41 67 49 43 41 2b 50 2f 2f 2f 2f 38 42 22 3a 22 33 47 22 7d 7d 7d

{"net":{"http_server_properties":{"servers":[{"https://www.guilded.gg":{"supports_spdy":true}},{"https://api.guilded.gg":{"supports_spdy":true}}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000003.log

unknown 7 a0 ec f1 fa b3 00 01 ....... success or wait 3 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000003.log

unknown 179 01 00 00 00 00 00 00 00 04 00 00 00 01 07 56 45 52 53 49 4f 4e 01 31 01 1b 4d 45 54 41 3a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 0b 08 c8 88 dd b3 a6 86 bd 17 10 3d 01 37 5f 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 00 01 64 69 64 50 61 74 63 68 45 6c 65 63 74 72 6f 6e 50 75 62 6c 69 73 68 65 72 4e 61 6d 65 32 05 01 74 72 75 65 01 2e 5f 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 00 01 67 61 74 65 2d 73 74 6f 72 65 2d 6d 6f 63 6b 2d 67 61 74 65 73 03 01 7b 7d

..............VERSION.1..META:https://www.guilded.gg...........=.7_https://www.guilded.gg..didPatchElectronPublisherName2..true.._https://www.guilded.gg..gate-store-mock-gates..{}

success or wait 3 141C418DE WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 512 00 00 00 00 00 00 00 00 00 00 00 00 05 06 cd 40 00 00 00 05 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 512 4 00 00 00 04 .... success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 516 4096 0d 00 00 00 02 0f 63 00 0f c8 0f 63 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 4612 4 05 06 cd 40 ...@ success or wait 1 1435E5231 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 512 00 00 00 00 00 00 00 00 00 00 00 00 1d b7 31 6f 00 00 00 05 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 512 4 00 00 00 04 .... success or wait 2 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 516 4096 0d 00 00 00 03 0d 5d 00 0f c8 0f 63 0d 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 2 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 4612 4 1d b7 32 70 ..2p success or wait 2 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 8720 4 00 00 00 01 .... success or wait 1 1435E5231 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 8724 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 04 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 2e 34 20 0d 0f f8 00 04 0d 49 00 0f 67 0f cf 0d 49 0f 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

SQLite format 3......@ ..........................................................................4 ......I..g...I.8...........................................................................................................................................

success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 12820 4 1d b7 32 2f ..2/ success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 12 d9 d5 05 f9 20 a1 63 d7 00 00 00 03

.... .c..... success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager-journal

0 512 00 00 00 00 00 00 00 00 00 00 00 00 b2 c6 a1 0f 00 00 00 00 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 1435E5231 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cookies 0 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 05 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 2e 34 20 0d 0f f8 00 04 0d 49 00 0f 67 0f cf 0d 49 0f 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

SQLite format 3......@ ..........................................................................4 ......I..g...I.8...........................................................................................................................................

success or wait 3 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager-journal

0 12 d9 d5 05 f9 20 a1 63 d7 00 00 00 00

.... .c..... success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager 0 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 01 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 2e 34 20 0d 0f f8 00 0c 0a 99 00 0f 67 0f cf 0e 8b 0f 2a 0d 57 0e 4c 0c 5b 0d 14 0c 08 0b a5 0b 22 0a 99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

SQLite format 3......@ ..........................................................................4 .........g.....*.W.L.[.......".............................................................................................................................

success or wait 13 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\MANIFEST-000001

unknown 7 95 7c b9 c5 22 00 01 .|..".. success or wait 1 141C418DE WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cache\index 0 368 c3 ca 03 c1 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 d5 d4 d5 67 32 f4 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\MANIFEST-000001

unknown 34 01 1a 6c 65 76 65 6c 64 62 2e 42 79 74 65 77 69 73 65 43 6f 6d 70 61 72 61 74 6f 72 02 00 03 02 04 00

..leveldb.BytewiseComparator......

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 0 8192 c3 ca 04 c1 00 00 02 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\000001.dbtmp

unknown 16 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

MANIFEST-000001. success or wait 1 141C418DE WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 0 8192 c3 ca 04 c1 00 00 02 00 01 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_2 0 8192 c3 ca 04 c1 00 00 02 00 02 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cache\data_3 0 8192 c3 ca 04 c1 00 00 02 00 03 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index 0 368 c3 ca 03 c1 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 1f 20 d7 67 32 f4 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 0 8192 c3 ca 04 c1 00 00 02 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 0 8192 c3 ca 04 c1 00 00 02 00 01 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_2 0 8192 c3 ca 04 c1 00 00 02 00 02 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db-journal

0 512 00 00 00 00 00 00 00 00 00 00 00 00 28 9b f0 c4 00 00 00 00 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db-journal

0 12 d9 d5 05 f9 20 a1 63 d7 00 00 00 00

.... .c..... success or wait 1 1435E5231 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\LOG

unknown 94 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 33 36 2e 34 35 30 20 63 63 30 20 52 65 75 73 69 6e 67 20 4d 41 4e 49 46 45 53 54 20 53 65 73 73 69 6f 6e 20 53 74 6f 72 61 67 65 5f 5f 74 6d 70 5f 66 6f 72 5f 72 65 62 75 69 6c 64 2f 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

2019/10/23-16:17:36.450 cc0 Reusing MANIFEST Session Storage__tmp_for_rebuild/MANIFEST-000001.

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db

0 4096 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 10 00 01 01 00 40 20 20 00 00 00 01 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 2e 34 20 0d 0f f8 00 06 0d 9e 00 0f 67 0f cf 0e a2 0e 50 0d fe 0d 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

SQLite format 3......@ ..........................................................................4 .........g.....P...........................................................................................................................................

success or wait 7 1435E5231 WriteFile


C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_3 0 8192 c3 ca 04 c1 00 00 02 00 03 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\000003.log

unknown 7 85 ea f9 d8 56 00 01 ....V.. success or wait 3 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\000003.log

unknown 86 01 00 00 00 00 00 00 00 01 00 00 00 01 46 6e 61 6d 65 73 70 61 63 65 2d 66 35 30 34 39 63 62 34 5f 38 39 66 32 5f 34 65 63 61 5f 39 39 31 63 5f 33 36 31 34 64 66 32 32 38 39 38 62 2d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 2f 01 30

.............Fnamespace-f5049cb4_89f2_4eca_991c_3614df22898b-https://www.guilded.gg/.0

success or wait 3 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOG

unknown 77 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 33 36 2e 39 39 31 20 63 63 30 20 52 65 75 73 69 6e 67 20 4d 41 4e 49 46 45 53 54 20 53 65 73 73 69 6f 6e 20 53 74 6f 72 61 67 65 2f 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

2019/10/23-16:17:36.991 cc0 Reusing MANIFEST Session Storage/MANIFEST-000001.

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOG

unknown 46 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 33 37 2e 30 33 30 20 63 63 30 20 52 65 63 6f 76 65 72 69 6e 67 20 6c 6f 67 20 23 33 0a

2019/10/23-16:17:37.030 cc0 Recovering log #3.

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\LOG

unknown 72 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 33 37 2e 30 34 34 20 63 63 30 20 52 65 75 73 69 6e 67 20 6f 6c 64 20 6c 6f 67 20 53 65 73 73 69 6f 6e 20 53 74 6f 72 61 67 65 2f 30 30 30 30 30 33 2e 6c 6f 67 20 0a

2019/10/23-16:17:37.044 cc0 Reusing old log Session Storage/000003.log .

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\MANIFEST-000001

unknown 7 95 7c b9 c5 22 00 01 .|..".. success or wait 1 141C418DE WriteFile


C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\MANIFEST-000001

unknown 34 01 1a 6c 65 76 65 6c 64 62 2e 42 79 74 65 77 69 73 65 43 6f 6d 70 61 72 61 74 6f 72 02 00 03 02 04 00

..leveldb.BytewiseComparator......

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\000001.dbtmp

unknown 16 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

MANIFEST-000001. success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\LOG

unknown 86 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 33 37 2e 31 33 36 20 63 63 30 20 52 65 75 73 69 6e 67 20 4d 41 4e 49 46 45 53 54 20 6c 65 76 65 6c 64 62 5f 5f 74 6d 70 5f 66 6f 72 5f 72 65 62 75 69 6c 64 2f 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

2019/10/23-16:17:37.136 cc0 Reusing MANIFEST leveldb__tmp_for_rebuild/MANIFEST-000001.

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\000003.log

unknown 7 9a 1b dc 35 17 00 01 ...5... success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\000003.log

unknown 23 01 00 00 00 00 00 00 00 01 00 00 00 01 07 56 45 52 53 49 4f 4e 01 31

..............VERSION.1 success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOG

unknown 69 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 33 37 2e 32 39 32 20 63 63 30 20 52 65 75 73 69 6e 67 20 4d 41 4e 49 46 45 53 54 20 6c 65 76 65 6c 64 62 2f 4d 41 4e 49 46 45 53 54 2d 30 30 30 30 30 31 0a

2019/10/23-16:17:37.292 cc0 Reusing MANIFEST leveldb/MANIFEST-000001.

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOG

unknown 46 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 33 37 2e 33 31 31 20 63 63 30 20 52 65 63 6f 76 65 72 69 6e 67 20 6c 6f 67 20 23 33 0a

2019/10/23-16:17:37.311 cc0 Recovering log #3.

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\LOG

unknown 64 32 30 31 39 2f 31 30 2f 32 33 2d 31 36 3a 31 37 3a 33 37 2e 33 31 37 20 63 63 30 20 52 65 75 73 69 6e 67 20 6f 6c 64 20 6c 6f 67 20 6c 65 76 65 6c 64 62 2f 30 30 30 30 30 33 2e 6c 6f 67 20 0a

2019/10/23-16:17:37.317 cc0 Reusing old log leveldb/000003.log .

success or wait 1 141C418DE WriteFile

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\c7d43d944bc0a617_0

0 24 30 5c 72 a7 1b 6d fb fc 05 00 00 00 42 00 00 00 00 09 ce 43 00 00 00 00

0\r..m......B......C.... success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\c7d43d944bc0a617_0

24 66 5f 6b 65 79 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 2f 62 63 63 63 62 63 39 32 2f 62 75 6e 64 6c 65 2e 6a 73 20 0a 68 74 74 70 73 3a 2f 2f 67 75 69 6c 64 65 64 2e 67 67 2f

_keyhttps://www.guilded.gg/bcccbc92/bundle.js .https://guilded.gg/

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\c7d43d944bc0a617_0

90 24 b1 aa 78 65 32 f4 2e 00 00 00 00 00 bc f2 58 a5 74 61 84 e4 37 6c d7 41

..xe2.........X.ta..7l.A success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\c7d43d944bc0a617_0

138 0 success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\c7d43d944bc0a617_0

138 32 97 23 8f c4 67 29 4b 90 ee 9e c5 1e 43 2b 67 f5 08 2c 19 6d 32 4e 03 e3 6f c7 81 62 12 b7 b9 9f

.#..g)K.....C+g..,.m2N..o..b.

... success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Code Cache\js\c7d43d944bc0a617_0

170 24 d8 41 0d 97 45 6f fa f4 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

.A..Eo.................. success or wait 2 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8228 36 b1 19 11 68 32 f4 2e 00 b1 19 11 68 32 f4 2e 00 01 00 00 90 02 00 00 90 03 00 01 a0 01 00 00 00 ae 62 2e 84

...h2......h2....................b.. success or wait 10 141C417C3 WriteFile

unknown 8192 6532 80 19 00 00 03 65 47 02 eb bc 19 68 32 f4 2e 00 a1 3b 1d 68 32 f4 2e 00 2c 02 00 00 48 54 54 50 2f 31 2e 31 20 32 30 30 00 73 74 61 74 75 73 3a 32 30 30 00 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 00 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 31 30 31 35 31 00 78 2d 61 6d 7a 2d 69 64 2d 32 3a 45 36 6c 66 58 36 77 31 55 73 6f 41 37 65 4f 46 53 36 44 70 50 6a 37 79 74 65 35 36 4c 76 49 6c 49 42 46 63 2f 43 38 4c 30 72 75 6c 6e 44 45 58 33 68 37 6d 73 33 59 33 4d 65 38 6f 4a 57 36 59 4d 76 54 4f 42 7a 4d 71 36 79 73 3d 00 78 2d 61 6d 7a 2d 72 65 71 75 65 73 74 2d 69 64 3a 36 36 36 34 45 37 46 34 32 39 34 34 31 33 46 34 00 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 54 68 75 2c 20 31 31 20

.....eG....h2....;.h2...,...HTTP/1.1 200.status:200.content-type:application/octet-stream.content-length:10151.x-amz-id-2:E6lfX6w1UsoA7eOFS6DpPj7yte56LvIlIBFc/C8L0rulnDEX3h7ms3Y3Me8oJW6YMvTOBzMq6ys=.x-amz-request-id:6664E7F4294413F4.last-modified:Thu, 11

success or wait 23 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8624 36 1d 06 3e 68 32 f4 2e 00 1d 06 3e 68 32 f4 2e 00 0a 00 00 90 0f 00 00 90 0e 00 01 a0 00 00 00 00 b4 0c 49 c8

..>h2.....>h2.....................I. success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8732 36 93 01 3f 68 32 f4 2e 00 93 01 3f 68 32 f4 2e 00 0c 00 00 90 12 00 00 90 11 00 01 a0 01 00 00 00 32 35 57 b0

..?h2.....?h2.................

..25W. success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8660 36 ac 8a 3e 68 32 f4 2e 00 99 61 3e 68 32 f4 2e 00 00 00 00 00 00 00 00 00 0f 00 01 a0 01 00 00 00 08 3d 73 50

..>h2....a>h2.................

...=sP success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8768 36 70 30 44 68 32 f4 2e 00 70 30 44 68 32 f4 2e 00 0e 00 00 90 0d 00 00 90 12 00 01 a0 01 00 00 00 e0 17 f4 18

p0Dh2...p0Dh2.......................

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8660 36 51 a9 44 68 32 f4 2e 00 99 61 3e 68 32 f4 2e 00 10 00 00 90 0d 00 00 90 0f 00 01 a0 01 00 00 00 4c 5c 5f b2

Q.Dh2....a>h2...................L\_.

success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\53de1fe0-20c5-418d-9c46-b90cd3d2af43.tmp

0 210 7b 22 6e 65 74 22 3a 7b 22 68 74 74 70 5f 73 65 72 76 65 72 5f 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 73 65 72 76 65 72 73 22 3a 5b 7b 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 22 3a 7b 22 73 75 70 70 6f 72 74 73 5f 73 70 64 79 22 3a 74 72 75 65 7d 7d 2c 7b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 67 75 69 6c 64 65 64 2e 67 67 22 3a 7b 22 73 75 70 70 6f 72 74 73 5f 73 70 64 79 22 3a 74 72 75 65 7d 7d 5d 2c 22 76 65 72 73 69 6f 6e 22 3a 35 7d 2c 22 6e 65 74 77 6f 72 6b 5f 71 75 61 6c 69 74 69 65 73 22 3a 7b 22 43 41 45 53 41 42 69 41 67 49 43 41 2b 50 2f 2f 2f 2f 38 42 22 3a 22 33 47 22 7d 7d 7d

{"net":{"http_server_properties":{"servers":[{"https://www.guilded.gg":{"supports_spdy":true}},{"https://api.guilded.gg":{"supports_spdy":true}}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 13568 22 1f 8b 08 00 00 00 00 00 00 03 ab ae 05 00 43 bf a6 a3 02 00 00 00

..............C....... success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\6b517e9b-eec6-4836-9329-79d239c254fd.tmp

0 76 7b 22 65 6c 65 63 74 72 6f 6e 22 3a 7b 22 6d 65 64 69 61 22 3a 7b 22 64 65 76 69 63 65 5f 69 64 5f 73 61 6c 74 22 3a 22 32 38 34 30 37 42 31 33 33 34 30 36 33 37 39 42 44 41 38 32 44 42 37 42 36 32 31 31 32 41 31 32 22 7d 7d 7d

{"electron":{"media":{"device_id_salt":"28407B133406379BDA82DB7B62112A12"}}}

success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 512 00 00 00 00 00 00 00 00 00 00 00 00 4a 72 c4 bd 00 00 00 05 00 00 02 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 9 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 512 4 00 00 00 04 .... success or wait 18 1435E5231 WriteFile


C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 516 4096 0d 00 00 00 01 0d a0 00 0d a0 0d 5d 0d 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 18 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 4612 4 4a 72 c5 e8 Jr.. success or wait 18 1435E5231 WriteFile

C:\Users\user\AppData\Roaming\Guilded\e32ddde7-d6f5-4dd3-a818-e1186261edb2.tmp

0 262 7b 22 6e 65 74 22 3a 7b 22 68 74 74 70 5f 73 65 72 76 65 72 5f 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 73 65 72 76 65 72 73 22 3a 5b 7b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 6d 69 78 70 61 6e 65 6c 2e 63 6f 6d 22 3a 7b 22 73 75 70 70 6f 72 74 73 5f 73 70 64 79 22 3a 74 72 75 65 7d 7d 2c 7b 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 75 69 6c 64 65 64 2e 67 67 22 3a 7b 22 73 75 70 70 6f 72 74 73 5f 73 70 64 79 22 3a 74 72 75 65 7d 7d 2c 7b 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 67 75 69 6c 64 65 64 2e 67 67 22 3a 7b 22 73 75 70 70 6f 72 74 73 5f 73 70 64 79 22 3a 74 72 75 65 7d 7d 5d 2c 22 76 65 72 73 69 6f 6e 22 3a 35 7d 2c 22 6e 65 74 77 6f 72 6b 5f 71 75 61 6c 69 74 69 65 73 22 3a 7b 22 43 41 45 53 41 42 69 41 67 49 43 41 2b 50 2f 2f 2f 2f 38 42 22 3a

{"net":{"http_server_properties":{"servers":[{"https://api.mixpanel.com":{"supports_spdy":true}},{"https://www.guilded.gg":{"supports_spdy":true}},{"https://api.guilded.gg":{"supports_spdy":true}}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":

success or wait 1 141C417C3 WriteFile


C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 8192 296 e0 27 14 f0 28 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 8192 296 e0 27 14 f0 28 01 00 00 14 00 00 00 07 00 00 00 06 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 4d 00 00 00 00 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00


success or wait 1 141C417C3 WriteFile


File Path Offset Length Completion Count Source Address Symbol

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar unknown 8 success or wait 2 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar unknown 4884 success or wait 2 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 172010 7188 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 239174 1934 success or wait 9 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 227857 605 success or wait 8 143F4F46A ReadFile

File ReadFile Read


C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 227081 524 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 4892 3580 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 218214 6920 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 84102 775 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 34389 8814 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 34073 316 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 181223 333 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 46313 5224 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 226689 392 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 97730 430 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 97457 273 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar unknown 8 success or wait 2 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar unknown 159828 success or wait 2 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 161430 768 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 160458 972 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10090706 1316 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10100198 291 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10181045 25788 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10257766 10284 success or wait 30 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10147809 1978 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10235587 2093 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10108551 1426 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11209986 681 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11364149 4151 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11190445 1343 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11194901 877 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11193608 1293 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11200889 1780 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11330060 10538 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11286109 2872 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11225871 22435 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 13093595 487 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 13094082 572 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10706355 433 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10773909 4567 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10727261 15593 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22554628 947 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22567336 314 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22567650 4475 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22561406 5930 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22603808 470 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22599697 3034 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 134558 1794 success or wait 1 143F4F46A ReadFile

C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm unknown 4096 success or wait 1 144C875C1 ReadFile

C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm unknown 4096 end of file 1 144C875C1 ReadFile

C:\Windows\System32\drivers\etc\hosts unknown 4096 success or wait 1 144C875C1 ReadFile

C:\Windows\System32\drivers\etc\hosts unknown 4096 end of file 1 144C875C1 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index 0 4096 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index 0 262512 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_2 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_3 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar unknown 8 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar unknown 159828 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12618195 713 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12618114 81 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12618908 1665 success or wait 10 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12649404 43771 success or wait 15 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12620573 1177 success or wait 10 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12694737 2753 success or wait 13 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12697490 1586 success or wait 4 143F4F46A ReadFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12723513 278 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12714253 189 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11945349 1569 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20129260 617 success or wait 7 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22996214 9519 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20129260 617 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20129260 617 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12405637 553 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12396043 6939 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12406190 8836 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12395614 429 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 4870400 558 pending 17 143FAAA5E ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app-update.yml unknown 147 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11375165 2934 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11399669 2241 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11437287 4945 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10799764 5619 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10706788 2779 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 64675 13061 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12618195 713 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 162299 594425 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11109994 499 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11108510 365 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10884602 647 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10879439 4054 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11081497 514 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11078134 2244 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12582262 404 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12581006 137 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25059445 515 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25057814 512 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 15994913 402 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 15993542 252 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25061702 596 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25059960 633 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25066127 417 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25064926 82 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19574527 1295 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11109994 499 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9290239 1808 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9306434 1017 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9678823 617 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9679440 2921 success or wait 6 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9452451 1097 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9478342 370 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9479667 12357 success or wait 6 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9717447 4923 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9709418 3303 success or wait 7 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9515499 1373 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9565074 1357 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9562494 911 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9193247 1171 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9259687 1105 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9273018 1391 success or wait 17 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9731591 8326 success or wait 6 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9257568 1272 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10918751 340 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10915783 2968 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19833680 559 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10893019 412 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12533264 547 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12526772 6492 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9786124 501 success or wait 5 143F4F46A ReadFile


C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9781717 4407 success or wait 7 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9786625 962 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11938433 676 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11939109 1987 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25040115 4339 success or wait 8 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25034963 4889 success or wait 11 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 14966907 469 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 14963066 2764 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11534501 414 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22660853 782 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19459112 572 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20248138 14531 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9951620 523 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9950386 1234 success or wait 8 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19430581 1789 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19420428 1100 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19423197 5816 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19421528 1669 success or wait 12 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 13144389 792 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 13105957 118 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 13313911 300 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 13268791 173 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19838388 916 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22426575 730 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22427305 39575 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22477311 1720 success or wait 8 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 21984252 785 success or wait 14 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 21978216 6036 success or wait 25 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22249699 118402 success or wait 11 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12251222 516 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25463469 2266 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10044052 1914 success or wait 8 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9948826 453 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9943372 5454 success or wait 7 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19642590 900 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19695795 1238 success or wait 8 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19697033 7584 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19652169 4866 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19459684 2110 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19711347 7989 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 19723213 9600 success or wait 19 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9895089 382 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25766555 279 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25402245 735 success or wait 6 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25248595 153514 success or wait 6 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 21768258 588 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 21952600 734 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 21952464 136 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 21784458 168006 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 22400143 5554 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 23007257 1521 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 23265103 10331 success or wait 26 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 23275434 7930 success or wait 7 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25012160 799 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 25010932 1228 success or wait 25 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 23285282 558 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12276651 831 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10865887 372 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20183371 246 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 16029017 2442 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 16082244 364 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 16230552 12376 success or wait 12 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 16250833 12563 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 8977364 439 success or wait 7 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 8975772 1592 success or wait 10 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 14563204 493 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 14623551 39757 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20129927 346 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20130273 1297 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11109994 499 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 2 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\package.json unknown 1270 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\index.js unknown 1469 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\lib\utils.js unknown 12494 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notifysend.js unknown 2194 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12613423 512 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notificationcenter.js unknown 2493 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\growl.js unknown 1820 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\lib\checkGrowl.js unknown 536 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\toaster.js unknown 2479 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\balloon.js unknown 4372 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9397102 1504 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20158208 318 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20157972 236 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 20153852 2849 success or wait 5 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 15179968 1212 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 15179652 316 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11018278 1152 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11016718 1560 success or wait 4 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 15167912 1166 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 15163917 3573 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 15167490 422 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11568461 21794 success or wait 25 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 21768846 4353 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 11025017 2319 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 21952464 136 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 21784458 168006 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10008053 1794 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10007013 599 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10006516 497 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10013727 941 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10003561 501 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 10004062 1751 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 12324810 177 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9440704 435 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9438182 1350 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 9368469 11895 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 23416 390 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 231590 2805 success or wait 1 143F4F46A ReadFile

\mojo.3212.612.9936922842776821803 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.16955843763870931964 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.16955843763870931964 0 4096 pending 2336 14077C699 ReadFile

\mojo.3212.612.16955843763870931964 0 4096 success or wait 48 14077C699 ReadFile

\mojo.3212.612.16955843763870931964 0 4096 pending 139 14077C699 ReadFile

\mojo.3212.612.16955843763870931964 0 3680 success or wait 9 14077C699 ReadFile

C:\Users\user\AppData\Local\Temp\Guilded Crashes\settings.dat unknown 40 success or wait 1 144561758 ReadFile

C:\Users\user\AppData\Local\Temp\Guilded Crashes\settings.dat unknown 40 success or wait 1 144561758 ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 2 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 2 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index 0 4096 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index 0 262512 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_2 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_3 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 8192 512 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 0 100 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 24 16 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 24 16 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 512 8 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 97051 406 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar unknown 8 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar unknown 159828 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar 4504719 29165 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 24 16 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 0 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 5120 8 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 16384 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 12288 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\index 0 4096 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\index 0 524656 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_2 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_3 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 77736 325 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 2 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 2 success or wait 2 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 2 success or wait 1 143F4F46A ReadFile

\uv\0000000008348540-3212 0 0 pending 1 143F57287 ReadFile

\uv\0000000008347DE0-3212 0 0 pending 1 143F57287 ReadFile

\uv\0000000008348540-3212 unknown 65536 success or wait 7 143F57F0D ReadFile

\uv\0000000008348540-3212 0 0 pending 6 143F57287 ReadFile

\uv\0000000008348540-3212 0 0 success or wait 1 143F57287 ReadFile

\mojo.3212.4892.11193490944010046017 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.15264665218512001473 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.15264665218512001473 0 4096 pending 140 14077C699 ReadFile

\mojo.3212.612.15264665218512001473 0 4096 success or wait 9 14077C699 ReadFile

\mojo.3212.612.15264665218512001473 0 4096 success or wait 71 14077C699 ReadFile

\mojo.3212.612.15264665218512001473 0 4096 pending 57 14077C699 ReadFile

\uv\0000000008348F50-3212 0 0 pending 1 143F57287 ReadFile

\uv\00000000085EBEC0-3212 0 0 pending 1 143F57287 ReadFile

\uv\0000000008348F50-3212 unknown 123 success or wait 1 143F57F0D ReadFile

\uv\0000000008348F50-3212 0 0 pending 1 143F57287 ReadFile

\mojo.3212.4892.11193490944010046017 0 4096 pending 6 14077C699 ReadFile

\mojo.3212.4892.11193490944010046017 0 4096 pending 10 14077C699 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 78061 1854 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 12288 4096 success or wait 2 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 16384 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 13312 8 end of file 9 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 2 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 2 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 78 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 78 success or wait 1 143F4F46A ReadFile

\mojo.3212.612.13989346862383033821 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.3771998298947977358 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.3771998298947977358 0 4096 pending 31 14077C699 ReadFile

\mojo.3212.612.3771998298947977358 0 4096 success or wait 3 14077C699 ReadFile

\mojo.3212.612.3771998298947977358 0 4096 pending 3 14077C699 ReadFile

\mojo.3212.612.3771998298947977358 0 4096 success or wait 1 14077C699 ReadFile

\mojo.3212.4892.8948107139877853457 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.17701210976939984408 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.17701210976939984408 0 4096 pending 665 14077C699 ReadFile

\mojo.3212.612.17701210976939984408 0 4096 pending 466 14077C699 ReadFile

\mojo.3212.612.17701210976939984408 0 4096 success or wait 338 14077C699 ReadFile

\mojo.3212.612.17701210976939984408 0 4096 success or wait 70 14077C699 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8192 36 success or wait 9 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8228 36 success or wait 65 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8300 36 success or wait 72 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8516 36 success or wait 47 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\CURRENT unknown 8192 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\CURRENT unknown 8192 end of file 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\MANIFEST-000001 unknown 32768 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8552 36 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8588 36 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8552 36 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8552 36 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\CURRENT unknown 8192 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\CURRENT unknown 8192 end of file 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\MANIFEST-000001 unknown 32768 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\app-update.yml unknown 147 success or wait 1 143F4F46A ReadFile

\chrome.sync.3212.612.1887497707 0 4 success or wait 1273 141C8C8FE ReadFile

\chrome.sync.3212.612.1887497707 0 4 pending 379 141C8C8FE ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 16384 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 12288 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 16384 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 12288 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager 0 100 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager 24 16 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager 24 16 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager 24 16 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager-journal 512 8 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\index 0 4096 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\index 0 524656 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_1 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_2 0 8192 success or wait 1 141C41539 ReadFile

unknown 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\index 0 4096 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager 24 16 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\QuotaManager 0 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_0 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_1 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_2 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\CURRENT unknown 8192 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\CURRENT unknown 8192 end of file 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db 0 100 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db 24 16 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db 24 16 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage__tmp_for_rebuild\MANIFEST-000001 unknown 32768 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db-journal 512 8 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\GPUCache\data_3 0 8192 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db-journal 0 1 end of file 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db 24 16 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\databases\Databases.db 0 4096 success or wait 1 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\CURRENT unknown 8192 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\CURRENT unknown 8192 end of file 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\MANIFEST-000001 unknown 32768 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Session Storage\000003.log unknown 32768 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\CURRENT unknown 8192 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\CURRENT unknown 8192 end of file 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb__tmp_for_rebuild\MANIFEST-000001 unknown 32768 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\CURRENT unknown 8192 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\CURRENT unknown 8192 end of file 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\MANIFEST-000001 unknown 32768 success or wait 1 141C41665 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Local Storage\leveldb\000003.log unknown 32768 success or wait 1 141C41665 ReadFile

\uv\00000000043E96D0-3212 0 0 pending 1 143F57287 ReadFile

\uv\00000000043E9FA0-3212 0 0 pending 1 143F57287 ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 78 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\installer_user_data.dat unknown 50 success or wait 1 143F4F46A ReadFile

\mojo.3212.4892.8948107139877853457 0 4096 pending 22 14077C699 ReadFile

\mojo.3212.4892.8948107139877853457 0 4096 pending 12 14077C699 ReadFile

C:\Users\user\AppData\Roaming\Guilded\config.json unknown 78 success or wait 1 143F4F46A ReadFile

\mojo.3212.4892.8948107139877853457 0 4096 success or wait 1 14077C699 ReadFile

\uv\00000000043E96D0-3212 unknown 2 success or wait 1 143F57F0D ReadFile

\uv\00000000043E96D0-3212 0 0 pending 1 143F57287 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8624 36 success or wait 1 141C41539 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cache\data_0 8732 36 success or wait 1 141C41539 ReadFile

\mojo.3212.612.551907101532404575 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.7889329722385976343 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.7889329722385976343 0 4096 pending 8 14077C699 ReadFile

\mojo.3212.612.7889329722385976343 0 4096 success or wait 21 14077C699 ReadFile

\mojo.3212.612.7889329722385976343 0 4096 pending 14 14077C699 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies-journal 0 1 end of file 10 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 16384 4096 success or wait 10 1435E5085 ReadFile

C:\Users\user\AppData\Roaming\Guilded\Cookies 12288 4096 success or wait 9 1435E5085 ReadFile

Registry Activities

Key Created

Key Path Completion Count Source Address Symbol

HKEY_CURRENT_USER\Software\Classes\guilded success or wait 1 141CFA334 RegCreateKeyExW

HKEY_CURRENT_USER_Classes\guilded\shell success or wait 1 141CFA334 RegCreateKeyExW

HKEY_CURRENT_USER_Classes\guilded\shell\open success or wait 1 141CFA334 RegCreateKeyExW

HKEY_CURRENT_USER_Classes\guilded\shell\open\command success or wait 1 141CFA334 RegCreateKeyExW

Key Value Created

Key Path Name Type Data Completion Count Source Address Symbol

HKEY_CURRENT_USER_Classes\guilded URL Protocol unicode success or wait 1 141CFB12C RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run electron.app.Guilded unicode C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe success or wait 1 141CFB12C RegSetValueExW

Key Value Modified

Key Path Name Type Old Data New Data Completion Count Source Address Symbol

HKEY_CURRENT_USER_Classes\guilded NULL unicode URL:guilded success or wait 1 141CFB12C RegSetValueExW

HKEY_CURRENT_USER_Classes\guilded\shell\open\command NULL unicode "C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe" "%1" success or wait 1 141CFB12C RegSetValueExW

Analysis Process: Guilded.exe PID: 2824 Parent PID: 3212

General

Start time: 16:15:08

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=gpu-process --field-trial-handle=1728,10815023912630156839,16051418799537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=3828075260392862811 --mojo-platform-channel-handle=1752 --ignored=' --type=renderer ' /prefetch:2

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

File Activities

File Created

File Path Access Attributes Options Completion Count Source Address Symbol

\Device\ConDrv\Connect read data or list directory | write data or add file | append data or add subdirectory or create pipe instance | read ea | write ea | read attributes | write attributes | read control | synchronize none synchronous io non alert invalid handle 1 1F50260C434 NtCreateFile

File Read

File Path Offset Length Completion Count Source Address Symbol

\mojo.3212.612.9936922842776821803 unknown 256 success or wait 1 14077A32B ReadFile

\mojo.3212.612.16955843763870931964 0 4096 success or wait 1 14077C699 ReadFile

\mojo.3212.612.16955843763870931964 0 4096 success or wait 14 14077C699 ReadFile

\mojo.3212.612.16955843763870931964 0 4096 pending 478 14077C699 ReadFile

\mojo.3212.612.16955843763870931964 0 4096 success or wait 25 14077C699 ReadFile

\mojo.3212.612.16955843763870931964 0 4096 pending 2282 14077C699 ReadFile

unknown 0 4096 pending 1 14077C699 ReadFile

unknown 0 4096 success or wait 60 14077C699 ReadFile

unknown 0 4096 pending 212 14077C699 ReadFile

unknown 0 4096 pending 4464 14077C699 ReadFile

unknown 0 4096 success or wait 38 14077C699 ReadFile

\mojo.3212.612.16972633029143795516 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.16972633029143795516 0 4096 pending 12609 14077C699 ReadFile

\mojo.3212.612.16972633029143795516 0 4096 pending 971 14077C699 ReadFile

\mojo.3212.612.16972633029143795516 0 4096 success or wait 101 14077C699 ReadFile

\mojo.3212.612.16972633029143795516 0 4096 success or wait 102 14077C699 ReadFile

Analysis Process: Guilded.exe PID: 888 Parent PID: 3212

General

File ActivitiesFile Activities

Start time: 16:15:17

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe --no-rate-limit --no-upload-gzip --type=crash-handler '--crashes-directory=C:\Users\user\AppData\Local\Temp\Guilded Crashes' '--database=C:\Users\user\AppData\Local\Temp\Guilded Crashes' '--metrics-dir=C:\Users\user\AppData\Local\Temp\Guilded Crashes' --initial-client-data=0x934,0x914,0xb94,0x990,0xb98,0x145c524d8,0x145c524e8,0x145c524f8

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

File Path Access Attributes Options Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\Guilded Crashes read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 141C3C15B CreateDirectoryW

C:\Users\user\AppData\Local\Temp\Guilded Crashes\operation_log.txt append data or add subdirectory or create pipe instance | read attributes | synchronize

normal synchronous io non alert | non directory file

success or wait 1 141C48F56 CreateFileW

C:\Users\user\AppData\Local\Temp\Guilded Crashes read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision 1 143E7C131 CreateDirectoryW

C:\Users\user\AppData\Local\Temp\Guilded Crashes\reports read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 143E7C131 CreateDirectoryW

C:\Users\user\AppData\Local\Temp\Guilded Crashes\settings.dat read attributes | synchronize | generic read | generic write

normal synchronous io non alert | non directory file

success or wait 1 144561834 CreateFileW

C:\Users\user\AppData\Local\Temp\Guilded Crashes\CrashpadMetrics-active.pma

read attributes | synchronize | generic read | generic write

none synchronous io non alert | non directory file

success or wait 1 141C35745 CreateFileW

File Path Offset Length Value Ascii Completion Count Source Address Symbol

C:\Users\user\AppData\Local\Temp\Guilded Crashes\settings.dat

unknown 40 73 64 50 43 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 16 45 89 cf 00 af 47 af c6 ca e4 67 a7 0f 74

sdPC......................E....G....g..t

success or wait 1 1445616D9 WriteFile

File Path Offset Length Completion Count Source Address Symbol

C:\Users\user\AppData\Local\Temp\Guilded Crashes\settings.dat unknown 40 end of file 1 144561758 ReadFile

C:\Users\user\AppData\Local\Temp\Guilded Crashes\settings.dat unknown 40 success or wait 1 144561758 ReadFile

\crashpad_3212_DMKUXUWLJHVTVILX unknown 36 success or wait 1 144561758 ReadFile

File Created

File Written

File Read

File Activities

Start time: 16:15:20

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=renderer --field-trial-handle=1728,10815023912630156839,16051418799537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar' --enable-plugins --node-integration --no-sandbox --no-zygote --background-color=#00FFFFFF --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9992040580958664645 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

File Path Access Attributes Options Completion Count Source Address Symbol

File Path Offset Length Completion Count Source Address Symbol

\mojo.3212.4892.11193490944010046017 unknown 256 success or wait 1 14077A32B ReadFile

\mojo.3212.612.15264665218512001473 0 4096 success or wait 1 14077C699 ReadFile

\mojo.3212.612.15264665218512001473 0 4096 success or wait 39 14077C699 ReadFile

\mojo.3212.612.15264665218512001473 0 4096 pending 53 14077C699 ReadFile

\mojo.3212.612.15264665218512001473 0 4096 pending 174 14077C699 ReadFile

\mojo.3212.612.15264665218512001473 0 4096 success or wait 23 14077C699 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar unknown 8 success or wait 2 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar unknown 4884 success or wait 2 141C41665 ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 284027 7795 success or wait 1 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 239174 1934 success or wait 8 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 227857 605 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 225420 1269 success or wait 3 143F4F46A ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 227081 524 success or wait 1 143F4F46A ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 pending 1 14077A32B ReadFile

\mojo.3212.612.359819225083972514 0 4096 pending 1 14077C699 ReadFile

\mojo.3212.612.359819225083972514 0 4096 pending 7762 14077C699 ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 pending 1 14077A32B ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 pending 1 14077A32B ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 pending 1 14077A32B ReadFile

\mojo.3212.612.359819225083972514 0 4096 success or wait 118 14077C699 ReadFile

\mojo.3212.612.359819225083972514 0 4096 pending 378 14077C699 ReadFile

\mojo.3212.612.359819225083972514 0 4096 success or wait 218 14077C699 ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 pending 1 14077A32B ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 pending 1 14077A32B ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 pending 4 14077A32B ReadFile

C:\Users\user\AppData\Local\Programs\Guilded\resources\electron.asar 245383 897 success or wait 1 143F4F46A ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 success or wait 2 14077A32B ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 success or wait 2 14077A32B ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 pending 1 14077A32B ReadFile

\mojo.3212.4892.11193490944010046017 unknown 256 pending 1 14077A32B ReadFile

Analysis Process: Guilded.exe PID: 4520 Parent PID: 3212

General

File Read

Analysis Process: cmd.exe PID: 3020 Parent PID: 3212

File Activities

Start time: 16:15:39

Start date: 23/10/2019

Path: C:\Windows\System32\cmd.exe

Wow64 process (32bit): false

Commandline: C:\Windows\system32\cmd.exe /d /s /c '%windir%\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid'

Imagebase: 0x7ff78e2d0000

File size: 273920 bytes

MD5 hash: 4E2ACF4F8A396486AB4268C94A6A245F

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: moderate

File Path Access Attributes Options Completion Count Source Address Symbol

Start time: 16:15:39

Start date: 23/10/2019

Path: C:\Windows\System32\conhost.exe

Wow64 process (32bit): false

Commandline: C:\Windows\system32\conhost.exe 0x4

Imagebase: 0x7ff642e80000

File size: 625664 bytes

MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: high

Start time: 16:15:39

Start date: 23/10/2019

Path: C:\Windows\System32\reg.exe

Wow64 process (32bit): false

Commandline: C:\Windows\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

Imagebase: 0x7ff7ab8e0000

File size: 72704 bytes

MD5 hash: E3DACF0B31841FA02064B4457D44B357

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: moderate

Start time: 16:15:40

Start date: 23/10/2019

General

Analysis Process: conhost.exe PID: 3528 Parent PID: 3020

General

Analysis Process: reg.exe PID: 3536 Parent PID: 3020

General

Analysis Process: Guilded.exe PID: 2656 Parent PID: 3212

General

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=gpu-process --field-trial-handle=1728,10815023912630156839,16051418799537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=17680003858392036450 --mojo-platform-channel-handle=2984 /prefetch:2

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Start time: 16:15:43

Start date: 23/10/2019

Path: C:\Windows\System32\cmd.exe

Wow64 process (32bit): false

Commandline: C:\Windows\system32\cmd.exe /d /s /c '%windir%\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid'

Imagebase: 0x7ff78e2d0000

File size: 273920 bytes

MD5 hash: 4E2ACF4F8A396486AB4268C94A6A245F

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: moderate

Start time: 16:15:43

Start date: 23/10/2019

Path: C:\Windows\System32\conhost.exe

Wow64 process (32bit): false

Commandline: C:\Windows\system32\conhost.exe 0x4

Imagebase: 0x7ff642e80000

File size: 625664 bytes

MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: high

Start time: 16:15:44

Start date: 23/10/2019

Path: C:\Windows\System32\reg.exe

Wow64 process (32bit): false

Commandline: C:\Windows\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

Imagebase: 0x7ff7ab8e0000

Analysis Process: cmd.exe PID: 832 Parent PID: 3212

General

Analysis Process: conhost.exe PID: 1708 Parent PID: 832

General

Analysis Process: reg.exe PID: 5036 Parent PID: 832

General

File size: 72704 bytes

MD5 hash: E3DACF0B31841FA02064B4457D44B357

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: moderate

Start time: 16:15:51

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe'

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Start time: 16:16:02

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe'

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Start time: 16:16:27

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=gpu-process --field-trial-handle=1744,5573674308552818754,12836452795403766593,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=9207653285252888424 --mojo-platform-channel-handle=1776 --ignored=' --type=renderer ' /prefetch:2

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Analysis Process: Guilded.exe PID: 4888 Parent PID: 3040

General

Analysis Process: Guilded.exe PID: 2052 Parent PID: 3040

General

Analysis Process: Guilded.exe PID: 3960 Parent PID: 4888

General

Reputation: low

Start time: 16:16:32

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=renderer --field-trial-handle=1728,10815023912630156839,16051418799537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar' --enable-plugins --node-integration --no-sandbox --no-zygote --preload='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar\preload.js' --background-color=#212124 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17956803505755404334 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Start time: 16:16:34

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=gpu-process --field-trial-handle=1720,3612721374803848552,5644943552135916724,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=415695429432039378 --mojo-platform-channel-handle=1732 --ignored=' --type=renderer ' /prefetch:2

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Start time: 16:17:08

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=utility --field-trial-handle=1728,10815023912630156839,16051418799537586715,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --no-sandbox --service-request-channel-token=2573616115676272192 --mojo-platform-channel-handle=3752 /prefetch:8

Imagebase: 0x140000000

File size: 99935952 bytes

Analysis Process: Guilded.exe PID: 2172 Parent PID: 3212

General

Analysis Process: Guilded.exe PID: 4948 Parent PID: 2052

General

Analysis Process: Guilded.exe PID: 4748 Parent PID: 3212

General

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Start time: 16:17:33

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=renderer --field-trial-handle=1744,5573674308552818754,12836452795403766593,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar' --enable-plugins --node-integration --no-sandbox --no-zygote --background-color=#00FFFFFF --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5957444724175207007 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Start time: 16:17:37

Start date: 23/10/2019

Path: C:\Windows\System32\cmd.exe

Wow64 process (32bit): false

Commandline: C:\Windows\system32\cmd.exe /d /s /c '%windir%\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid'

Imagebase: 0x7ff78e2d0000

File size: 273920 bytes

MD5 hash: 4E2ACF4F8A396486AB4268C94A6A245F

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: moderate

Start time: 16:17:38

Start date: 23/10/2019

Path: C:\Windows\System32\conhost.exe

Wow64 process (32bit): false

Commandline: C:\Windows\system32\conhost.exe 0x4

Imagebase: 0x7ff642e80000

File size: 625664 bytes

MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: high

Analysis Process: Guilded.exe PID: 4924 Parent PID: 4888

General

Analysis Process: cmd.exe PID: 4332 Parent PID: 3212

General

Analysis Process: conhost.exe PID: 3580 Parent PID: 4332

General

Disassembly

Code Analysis

Start time: 16:17:38

Start date: 23/10/2019

Path: C:\Windows\System32\reg.exe

Wow64 process (32bit): false

Commandline: C:\Windows\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

Imagebase: 0x7ff7ab8e0000

File size: 72704 bytes

MD5 hash: E3DACF0B31841FA02064B4457D44B357

Has administrator privileges: false

Programmed in: C, C++ or other language

Start time: 16:17:39

Start date: 23/10/2019

Path: C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\AppData\Local\Programs\Guilded\Guilded.exe' --type=renderer --field-trial-handle=1720,3612721374803848552,5644943552135916724,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\Guilded\resources\app.asar' --enable-plugins --node-integration --no-sandbox --no-zygote --background-color=#00FFFFFF --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11502117636683457093 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1

Imagebase: 0x140000000

File size: 99935952 bytes

MD5 hash: C977E562267A016639C757CF82A38F6D

Has administrator privileges: false

Programmed in: C, C++ or other language

Analysis Process: reg.exe PID: 2572 Parent PID: 4332

General

Analysis Process: Guilded.exe PID: 4624 Parent PID: 2052

General
