Analysis Overview
Threat Level: Likely malicious
The file https://drive.google.com/drive/folders/1SA9-T341C3nJ4RB4Up-f-mkAPO9Wkkad?usp=drive_link was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Adds Run key to start application
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Detected potential entity reuse from brand STEAM.
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies data under HKEY_USERS
Modifies registry class
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
NTFS ADS
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 19:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 19:36
Reported
2024-11-08 19:56
Platform
win10v2004-20241007-en
Max time kernel
1200s
Max time network
1197s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Program Files\Koalageddon\Koalageddon.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
Detected potential entity reuse from brand STEAM.
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_5.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_button_select.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_neptune_gamepad_mouse_gyro.vdf_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\libavformat-61.dll_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_down_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0210.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0320.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0150.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0302.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_l2.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_dpad_right_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_down_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_p2.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\friends\BlockCommunicationWarningDialog.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\GameOverlayRenderer.dll_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\bin\SteamService.exe | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\chunk~1a96cdf59.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_schinese.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_ring.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rb_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_ring_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_left_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_PayPal_Success.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_touch_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_right_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files\Koalageddon\app\tinylog-impl-2.6.0-8726c27d582d10eb1d365cdeb0c5524.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0324.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\GuestPassRedeemed.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_110_social_0308.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_left_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_b_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_click.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\ru.pak_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0402.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l2_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_r3_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_100_target_0120.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steamui_czech.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\overlay_schinese.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_outlined_button_x_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_r2_soft_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_portuguese.html_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_lstick_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l2.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lt_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lt.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_lstick_down_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_button_logo.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\btnStdTopLeft.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_french.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_czech.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_outlined_button_x_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_r1.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lt_soft_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0130.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\overlay_brazilian.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_ring_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e5a40f4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a40f2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a40f2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI450A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI418E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{C71B00F0-5060-3665-A444-1BFFD31FA5F7} | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\gldriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Koalageddon\Koalageddon.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Koalageddon\Koalageddon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Version = "33554433" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductIcon = "C:\\Windows\\Installer\\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\\JpARPPRODUCTICON" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\PackageCode = "EFEAD4423A6F1324DB76D9F43705B59D" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductName = "Koalageddon" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F\DefaultFeature | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\PackageName = "wwwwwwwwwwwww.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4\0F00B17C060556634A44B1FF3DF15A7F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 46726.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 19679.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 573135.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Program Files\Koalageddon\Koalageddon.exe | N/A |
| N/A | N/A | C:\Program Files\Koalageddon\Koalageddon.exe | N/A |
| N/A | N/A | C:\Program Files\Koalageddon\Koalageddon.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1SA9-T341C3nJ4RB4Up-f-mkAPO9Wkkad?usp=drive_link
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc02b446f8,0x7ffc02b44708,0x7ffc02b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6852 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\wwwwwwwwwwwww.msi"
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\wwwwwwwwwwwww.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B81E83D6AA788AA1FAFB187122AB010D C
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 8CD75D3A53FB778628D8EBE43610A544 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5952" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x26c,0x270,0x274,0x268,0x278,0x7ffbeee1af00,0x7ffbeee1af0c,0x7ffbeee1af18
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1588,i,2700939852319932998,9301361085970186429,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1592 --mojo-platform-channel-handle=1580 /prefetch:2
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2300,i,2700939852319932998,9301361085970186429,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2304 --mojo-platform-channel-handle=2296 /prefetch:3
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x504
C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2828,i,2700939852319932998,9301361085970186429,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2832 --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,2700939852319932998,9301361085970186429,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3104 --mojo-platform-channel-handle=3096 /prefetch:1
C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 915A3A2E6F9625435DC49A3B5EF8FC4B
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files\Koalageddon\Koalageddon.exe
"C:\Program Files\Koalageddon\Koalageddon.exe"
C:\Program Files\Koalageddon\Koalageddon.exe
"C:\Program Files\Koalageddon\Koalageddon.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,653141575639932511,15825737422585949257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1260_ICECROVXGJDRNQZQ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\Unconfirmed 46726.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e109.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 19679.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\nsDialogs.dll
C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\nsProcess.dll
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\nsExec.dll
C:\Program Files (x86)\Steam\bin\SteamService.exe
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt
C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\modern-wizard.bmp
C:\Users\Admin\AppData\Local\Temp\nsoC0DC.tmp\StdUtils.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\Unconfirmed 573135.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001
C:\Program Files (x86)\Steam\config\config.vdf
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a3961.TMP
C:\Program Files (x86)\Steam\config\config.vdf
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Program Files\Koalageddon\runtime\legal\java.prefs\LICENSE
C:\Program Files\Koalageddon\runtime\legal\jdk.unsupported\COPYRIGHT
C:\Program Files\Koalageddon\Koalageddon.exe
C:\Config.Msi\e5a40f3.rbs
C:\Program Files (x86)\Steam\config\config.vdf
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna15333509564287943045.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.dll
| MD5 | 4a1a823e5cf4fb861dd6ba94539d29c4 |
| SHA1 | 8e2f160783e159fdd33e806acbc5afb37f84ec4d |
| SHA256 | f874fa379dc8557f5d640a17753900a7c1a1d5f93a13aeeef176316b8ccf0764 |
| SHA512 | 018768c3dbee58ce5c42d00577160ab9766284200c37a173c0fb711c82db6ea6d8e7a80a66e0be5afe853dd8ab07a378db25dea0de0b6adc43b1fe9b7cf46e52 |
C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.config.json
| MD5 | 6b996582c7f18d47def5d0309e070573 |
| SHA1 | 6e4fb5cc554d780baee894937d9912ac43fde5f9 |
| SHA256 | 2d6e2997c46d8134c6c1b593f1f678e60b1b36f7c26a97a08e69021c1237e575 |
| SHA512 | 2a73cc63e4efe1bbeafc57c5505fbb54b1eace6b41f86e1449a90acfe83d7eabe84578ebed551e45ffec0f6299e3e12e0c7fa36885d1ac5398e5d259f39d9259 |
C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.config.json
| MD5 | 24a3f6a6603d36c05353129abae4bed0 |
| SHA1 | 6a625cc8bc059c5f967a4cca2c15108826d4ce8a |
| SHA256 | 8ef59451080a07c9675a4bd35a3755fe3a2bef03ad1f622fdc0602d6ae12e457 |
| SHA512 | 6d44d169ca957b13304a7f0b2b550ae5392c8bb0f0cad8476da510b523def73e0bf267f0585141d5528950fe86b7fa0348a7f092b20d92213d90b7addb53d940 |
C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.config.json
| MD5 | d4c055b08e5a720f4505cf8ca0f86ec4 |
| SHA1 | 56eabf01ee27a5c7122e1fc7d2a051471e9075e9 |
| SHA256 | b3d205be1efbbe16c46454b56cfd4ed33ac4a6901c1835f1d473fa9b4bca219d |
| SHA512 | 099df20801c9740eaf605d2f2063f6b95a51710f77c8e81990173ab1936dd214de47de05a20c525fc830039c732a5bb06b2b5fc318b3f2a96e52bdd136c8243f |
C:\Program Files (x86)\Steam\version.dll
| MD5 | 7e92b09ee4fe34c50415140a0c1130ab |
| SHA1 | 638669c749cd493c4407e8c674ecff60a317da80 |
| SHA256 | 2665a951793eac577c89d9115aff15b3c69f87af4da15a93a81200c890a4cd00 |
| SHA512 | 26d7b8039c579fb1f83102afbf2ad82c95a4d957fef45a134428d6df55c9df576541627e061f0bd6cb280075be8d7c0c1aab2945ab42fe76590f41f59e5cd367 |
C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.config.json
| MD5 | a3bbeddf50b71ac919c8a0b0c6b4ae07 |
| SHA1 | 2d7a144728be7e3947c7b54640583682384d5055 |
| SHA256 | f3795f3f6049b8966760479b1b2abc6fd895b2bb91fb5e7df6028bf17ebca021 |
| SHA512 | 27397fe58cd816a5c5dc52c11dd24f4fae7cf5e0c4da1fee6a7ae4549581ad4c8ef63607e04cf74db2765fabdf659b879bfe38fcd210dd8417dcedc950b26475 |
C:\Program Files (x86)\Steam\Koaloader.config.json
| MD5 | 3216bf75d8748e0632462d5b29d2b3b8 |
| SHA1 | 827575a7afc62c988fc0ec81521bea07b65b4715 |
| SHA256 | 485549f36767167fae934f7c82701ef3c42d4aed2a6debaf3c89288c346c6859 |
| SHA512 | afd2f776c167df7e78c15ec5e52de542ead31fa8ef637283bb604a9494f08dbac69c0ded4c2007d7fc01b9a1cba73877663be5d6bfce6d121e0015fad2fee364 |