Malware Analysis Report

2025-01-19 00:01

Sample ID 241108-ybllps1jfr
Target https://drive.google.com/drive/folders/1SA9-T341C3nJ4RB4Up-f-mkAPO9Wkkad?usp=drive_link
Tags
steam discovery persistence phishing
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file https://drive.google.com/drive/folders/1SA9-T341C3nJ4RB4Up-f-mkAPO9Wkkad?usp=drive_link was found to be: Likely malicious.

Malicious Activity Summary

steam discovery persistence phishing

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Detected potential entity reuse from brand STEAM.

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies data under HKEY_USERS

Modifies registry class

Uses Volume Shadow Copy service COM API

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

NTFS ADS

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 19:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 19:36

Reported

2024-11-08 19:56

Platform

win10v2004-20241007-en

Max time kernel

1200s

Max time network

1197s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1SA9-T341C3nJ4RB4Up-f-mkAPO9Wkkad?usp=drive_link

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation C:\Program Files\Koalageddon\Koalageddon.exe N/A

Loads dropped DLL

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e5a40f4.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a40f2.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a40f2.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI450A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI418E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C71B00F0-5060-3665-A444-1BFFD31FA5F7} C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Koalageddon\Koalageddon.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Koalageddon\Koalageddon.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Version = "33554433" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductIcon = "C:\\Windows\\Installer\\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\\JpARPPRODUCTICON" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\PackageCode = "EFEAD4423A6F1324DB76D9F43705B59D" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductName = "Koalageddon" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F\DefaultFeature C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\PackageName = "wwwwwwwwwwwww.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 46726.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 19679.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 573135.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1260 wrote to memory of 32 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1260 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1260 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1260 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1SA9-T341C3nJ4RB4Up-f-mkAPO9Wkkad?usp=drive_link

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc02b446f8,0x7ffc02b44708,0x7ffc02b44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6852 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\wwwwwwwwwwwww.msi"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\wwwwwwwwwwwww.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B81E83D6AA788AA1FAFB187122AB010D C

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 8CD75D3A53FB778628D8EBE43610A544 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5952" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x26c,0x270,0x274,0x268,0x278,0x7ffbeee1af00,0x7ffbeee1af0c,0x7ffbeee1af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1588,i,2700939852319932998,9301361085970186429,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1592 --mojo-platform-channel-handle=1580 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2300,i,2700939852319932998,9301361085970186429,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2304 --mojo-platform-channel-handle=2296 /prefetch:3

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x500 0x504

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2828,i,2700939852319932998,9301361085970186429,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2832 --mojo-platform-channel-handle=2824 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,2700939852319932998,9301361085970186429,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3104 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 915A3A2E6F9625435DC49A3B5EF8FC4B

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Program Files\Koalageddon\Koalageddon.exe

"C:\Program Files\Koalageddon\Koalageddon.exe"

C:\Program Files\Koalageddon\Koalageddon.exe

"C:\Program Files\Koalageddon\Koalageddon.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

\??\pipe\LOCAL\crashpad_1260_ICECROVXGJDRNQZQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2061e1c7b42ff3ea2a43903345690ef6
SHA1 5f26c5c653040c29886c32123ef3c0b8d9be9d82
SHA256 b32a45f9d09f1b6cb078125cb9d6bc859594e21051c7f13094abba25ddf25601
SHA512 640f1d37be18ff7a48c8fcce146217d856a030ca00077ac42aca6837265d3276ff5f7e297728df5ea5a591f72fcd511e1d3d84051fbe9057098ace97493aa92e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e8bea2b581f5a7f68a67cca359538ff5
SHA1 bf00ce1a2e28726d6ad736e56e3e99dae3dc60e7
SHA256 f92e613a1028ecc5eae19cf808475e6044cae9b601c0fddd65f6fd462ca27909
SHA512 cff9c232c0c392f2d43206837ea53194778c500f2f37589c65d852cca727a35336e4626c0f92fa9d9b44cfcc8deb8d1ba27cc5a8a8631ef710cf5544ed071abd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 47fd40b728e4b25b267c78d78eeb7443
SHA1 429937f0ac26834862b58afd768d007eb26d701c
SHA256 0173a3408e600f09d09e5b72200c2daa33a0f128b32d9a20df5f90b6e1e55fcc
SHA512 ea507998c8b0394608a63d7bc8bdc9e3ec90bb038a9a20e4ebedd4ea3006982092c33b6776f0abc6ae330791b9d88e54b07a8881d2fea48db263f49d8a77c029

C:\Users\Admin\Downloads\Unconfirmed 46726.crdownload

MD5 cbc8b390e065c29572494901b151989e
SHA1 238243867b2f2daf54ac0dd5f3b68f9d99f8abaf
SHA256 ca1fa9a7609ab10b7926400559cf073e5888423cc156af72c6027d72a89eea73
SHA512 e8deb190d9b00d9931f480754cd46b0fa16c4080bf12c25d024ee2c14e75e27a7ed9f9b357a456037c9123537910d5186b7361f359d44a25b175f55bfb9affa7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7df81dfd795d863ec1e8b918f5224d31
SHA1 8b4e7cffc4746d6dbe4ee2da9a71f7a27e59c5ab
SHA256 724c739118e02df5461a4681b4c01685e40e12434477380634a67dbb5c958786
SHA512 c708532a3507fc332c4b1911132cb99659e290b74d2ba18b2e7fd7b3c7ba6093cb458030e94d0fd3d0557104443dcc4e885103ed2e81442a6216476be9ac90a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e109.TMP

MD5 ea80798a4e08e815867acf46e926a4bb
SHA1 c36aac50c2e128ef828227867a232f47d7fe1fd9
SHA256 231b7b055f667f9dbe28edc02f30041ef6e3bd36cec6f7d4edf22fbc2500755a
SHA512 a14d31f654c80b19dc2c414949abddf0b233f8d3ff03eae7bf025aa969db12c5b7fd8034e97f0ad190b5fbf683e15ec249ddcd02afc47fe28098302e4f46c8a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 de831404997ab8230ef5f83ebfd40cbb
SHA1 66d642f44e1308c2987d9a6952eb683f2a543b8a
SHA256 2dd6e320bd360726875ecb7227eeead02afae3b76f78412a5d11e623d9c95ad4
SHA512 e1471c7479b9c673ad99a5b6ac1313c2a269de23e0f58134a2611eaa4f0340ff52d45c9cd7a7d528c23f0dde2642446f7290b1454c563cc7eebaa0aa38381cef

C:\Users\Admin\Downloads\Unconfirmed 19679.crdownload

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e560fd17f48c6d0f68c9d8d48fca5581
SHA1 f2778270e9ac8f27d9fd5f583bab6dcc64365fae
SHA256 84daf64e28d9092e471419f82c41591232c0cbe5ad93f51e10f5b19ded8bb7a4
SHA512 5488e03f148a6467deba326d6f15063de92a3f8667f16b6006567ea68cbe6f74794abe6fb220beae0efa0e3ac7dcd614acc69bb497af3b2a82be2214cf5e6b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4fd394b7f06bfad32de478753dbebaee
SHA1 97205938adb2f685051f36509d49ffb280fb6ed4
SHA256 3299d62d616c03d35972e09676aae26e2bd6a49ecc45d88aed574802b1d51cd4
SHA512 8ae4dfec2b22de48ab5ddb02501dc26f5450309ab57230f253cb13fc577596a931828fa448f585b9d467fec37b7ebbaed6026bd836f94047c134640b98b63ac6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 203cd4a74dbee7c9421112ceab313a9f
SHA1 d34acfbe58a00e7ea94c6930da95caf62da7d329
SHA256 548c39fe53e02167ad4cc729f3c7f9fa6b56f54993d9a968a200b3212317f84a
SHA512 4380cbfd9fe97868a04e67b124b3723adf26df9aaaa5cf7f8deacc635091e84ed0729d22ef2fdc43b1d26107200ee688bbe3e9b69832b0cdb9e987de8e70c25a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9ad65035483c1749e72c597ab18b2786
SHA1 95213c0e1f967c5e2faced90189de84e5be8fbd7
SHA256 d88d8289b334530eea7bb1d9118e998fe9b54ec1ed03fe433782b78d6ccbf00a
SHA512 83d1fa43a81b81ed483aaa3001aaac2b33553e39304cc2ef80b26777bd71b6432267b9cfb9fd12794198d281aebd6e8ad4aef3fad5ea272f93144adef857b330

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 80b2d6dc17f365342a447aa431c78e19
SHA1 459a6fdbb7c98252933bc0dd27956417f4f91c67
SHA256 b9129985bfb98b4175b841e7e471577b7578954f365bc8758996ded553b20415
SHA512 d0e4495cf204f39b49527cc9f15f0983cd05ef3186f61da278fc1ebfe1d8123c0cd2c1b8ee64f2589ab8af440b030f12255c280b6b9a185b1514d6a97a32cd67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b402c745c8ca2381b5d5eea4752e0227
SHA1 e72c26f536e283b1ab1f863424d34ead27fb7c58
SHA256 44ac595890c0fc15d9cf601f0a6a1fe57568f75f33d72e61c41b95106ed491ad
SHA512 7dfdbd010f737a2f95e1ae4f3baacc02f14ab9b78e13809c518bab15ad739076e79b05731c2af846e730b0be805f1e77a8cd47920c93a29650787a38973c7312

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

MD5 510ffcbffd047369f46c632c43be30f0
SHA1 671a1c05a49a4ba418c3ccc8dedb4f1c3f099e0d
SHA256 ed9ea8779eb1a8f90b06b0718b9e80858d8f86089e95e58602cebef0ee0caf2f
SHA512 6d8e04354fe17c17863e1820c38c49f5846dcb9b1fd973cac0018944550ea1bc97063e8cd8b029c14e33596565d20c8e40070ead9386d2d6d151d58900cc3879

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8fec703e21d39bfdf675da4c85cdede8
SHA1 2dfb9f2504f604637611cdab3160ac7f2ca8a96d
SHA256 f6d8ff80054e38a0ce16d7b34480955d79f4442fdd48efbad402b5d23e255c57
SHA512 81bb8ede8000e503bf15fbbc847470b49c2c7bfe9bc636c9f21873ed47c9ea2e62eaeec7b3bf525d97991fa922158e79f3b621a28b560eff7d518ec45102a17b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9ab28e18dab4e45f4837d328b34c3379
SHA1 9e4e498ab6bd03a5f2f22477d8d0a1b72ae25c03
SHA256 19bedc4bae7c95266579275f940a4b5f659f4b67e1c1483b6108ae750e0ab70f
SHA512 b945d57d57e8c4d0a5b4f8d413b8ba9d439a5f49af8434ba058bc9b2eee7b8c627fe1f5dff9cd5151b8342b6d15c93234a97af21f6d74eeb358bca92138dd048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

MD5 98eaf699f517ff88bb2f595bddb2c5d8
SHA1 eae1d3e4c6e6a8f9636c0efb0a04ecbabe8b63ca
SHA256 7aa34824dbe8dbfd8011576a365dcd057127406d61702634d69f0240325cc582
SHA512 7d9623ca066012a200a01bf48e0617fcfb35cad0efff091bc3b7931e98b72b95df66205cfa904ae9b84d92c9fcea421b366d9ef3023c023488cdabf91b5ef8c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fe74c93c4742afb250c25333d4a898cc
SHA1 ba573b0d68472f3a28db8b9736af68adb74a5c99
SHA256 0466b35d3cd262b82545d277fbd89c3cbc9d315d6b35ac797b92a8d559d149ff
SHA512 517df22d15726f4a74b723a826cdc4b0f581887ae492e003aa3871deb756c3097f9957e5b4335ae89e1d4d71ae0920ab5d3e7d3bd3d456c98d53ebe6f0e591c9

C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\nsExec.dll

C:\Program Files (x86)\Steam\bin\SteamService.exe

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\modern-wizard.bmp

C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\Downloads\Unconfirmed 573135.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

C:\Program Files (x86)\Steam\config\config.vdf

C:\Program Files (x86)\Steam\config\config.vdf~RFe5a3961.TMP

C:\Program Files (x86)\Steam\config\config.vdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Program Files\Koalageddon\runtime\legal\java.prefs\LICENSE

C:\Program Files\Koalageddon\runtime\legal\jdk.unsupported\COPYRIGHT

C:\Program Files\Koalageddon\Koalageddon.exe

C:\Config.Msi\e5a40f3.rbs

C:\Program Files (x86)\Steam\config\config.vdf

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna15333509564287943045.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e84abd223b5fba0_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ba2274d2-341f-4006-9d31-49a7668ac768\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 413f042139471d88dfee5db22146786d
SHA1 db32701fd1dfeeb9a1b51f5d56d891f07e928af7
SHA256 da03361182b2b87edacf9033ff6a8f26fa1d83090140ec5f989b5fe498640166
SHA512 d41099b4b722f1b98c13b18a091a24fa09a980143b479c9568a615659640ca7ca2f16a28a719d556c82ea4045f34116de9b7c152870724b3d1844e374f605622

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 08f9f2b5fb8571c53b086c594242d879
SHA1 da3d31c06dd9d1b6b88b851a6f355ce141934012
SHA256 35498f6f10005256a82626873e33fd3b59410929adbff9dbf1f676217e12fc2d
SHA512 24365a7f9c6fd512bdf413287f7eb483f2082baf6a5e7bb9edfb0cbc404abbcb842c37280387dac4a5c920e33ae5b3fa6b1fe70b9f1eb1a81e6642c633a73181

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cf7dc6a9e12ba05a4943d89ea7deee3f
SHA1 b1bbd26c33482bb1d46d70136126ea4066e00696
SHA256 3a3aedf7875a2f534d161bcd1e22099380c62254075d5f59d214b0b909921dbb
SHA512 b609773563d1aa7cbb7c4fa4c5f5c57b5c9b74229b393310a3d43806c72d391a91478c8152a796d8c36413038206edb263dc7d797f7539d079be699d9f65494d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c72a7.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d3b1ef1-9848-46f6-9510-ba3e65be4de1\index-dir\the-real-index~RFe5c8082.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d3b1ef1-9848-46f6-9510-ba3e65be4de1\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6852fe39-85b3-43d9-bed0-eb8b9291dc65\index-dir\the-real-index~RFe5c841c.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6852fe39-85b3-43d9-bed0-eb8b9291dc65\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.config.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.config.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fc913c2c-3d46-4a37-9172-260e09029ce2.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000130

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000135

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.config.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6852fe39-85b3-43d9-bed0-eb8b9291dc65\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Program Files (x86)\Steam\version.dll

C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.config.json

C:\Program Files (x86)\Steam\Koaloader.config.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
