Analysis Overview
Threat Level: Shows suspicious behavior
The file https://github.com/whizkydee/Awesome-APIs was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 13:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 13:13
Reported
2024-11-13 13:21
Platform
win11-20241007-en
Max time kernel
481s
Max time network
482s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\baldi-1.4.3-windows-64bit.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\baldi-1.4.3-windows-64bit\BALDI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/whizkydee/Awesome-APIs
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc89243cb8,0x7ffc89243cc8,0x7ffc89243cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7596 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,10281335142386143409,14221778582608629347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7760 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_baldi-1.4.3-windows-64bit.zip\BALDI.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_baldi-1.4.3-windows-64bit.zip\BALDI.exe"
C:\Users\Admin\Downloads\baldi-1.4.3-windows-64bit\BALDI.exe
"C:\Users\Admin\Downloads\baldi-1.4.3-windows-64bit\BALDI.exe"
C:\Users\Admin\Downloads\baldi-1.4.3-windows-64bit\UnityCrashHandler64.exe
"C:\Users\Admin\Downloads\baldi-1.4.3-windows-64bit\UnityCrashHandler64.exe" --attach 2436 2419398873088
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 92.123.128.176:443 | www.bing.com | tcp |
| GB | 92.123.128.195:443 | th.bing.com | tcp |
| GB | 92.123.128.155:443 | r.bing.com | tcp |
| GB | 92.123.128.155:443 | r.bing.com | tcp |
| GB | 92.123.128.195:443 | th.bing.com | tcp |
| GB | 92.123.128.155:443 | r.bing.com | tcp |
| GB | 92.123.128.155:443 | r.bing.com | tcp |
| GB | 92.123.128.155:443 | r.bing.com | tcp |
| GB | 92.123.128.155:443 | r.bing.com | tcp |
| GB | 92.123.128.155:443 | r.bing.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.19.229.21:443 | newassets.hcaptcha.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 21.229.19.104.in-addr.arpa | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | tcp |
| GB | 2.19.117.166:443 | aefd.nelreports.net | udp |
| GB | 92.123.128.174:443 | www.bing.com | tcp |
| GB | 92.123.128.174:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.160:443 | th.bing.com | tcp |
| GB | 92.123.128.160:443 | th.bing.com | tcp |
| FR | 51.91.224.30:443 | www.snokido.com | tcp |
| FR | 51.91.224.30:443 | www.snokido.com | tcp |
| US | 8.8.8.8:53 | w8.snokido.com | udp |
| US | 172.67.8.12:443 | w8.snokido.com | tcp |
| US | 172.67.8.12:443 | w8.snokido.com | tcp |
| US | 172.67.8.12:443 | w8.snokido.com | tcp |
| FR | 51.91.224.30:443 | www.snokido.com | tcp |
| FR | 51.91.224.30:443 | www.snokido.com | tcp |
| FR | 51.91.224.30:443 | www.snokido.com | tcp |
| FR | 51.91.224.30:443 | www.snokido.com | tcp |
| US | 8.8.8.8:53 | universal.wgplayer.com | udp |
| US | 104.22.2.60:443 | universal.wgplayer.com | tcp |
| DE | 18.155.153.3:443 | cmp.inmobi.com | tcp |
| US | 104.22.2.60:443 | universal.wgplayer.com | tcp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 12.8.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.2.22.104.in-addr.arpa | udp |
| FR | 51.91.224.30:443 | www.snokido.com | tcp |
| DE | 18.193.40.240:443 | api.cmp.inmobi.com | tcp |
| DE | 18.193.40.240:443 | api.cmp.inmobi.com | tcp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.160:443 | th.bing.com | tcp |
| US | 198.185.159.144:443 | www.basicallygames.com | tcp |
| US | 198.185.159.144:443 | www.basicallygames.com | tcp |
| US | 151.101.64.238:443 | images.squarespace-cdn.com | tcp |
| US | 151.101.192.237:443 | assets.squarespace.com | tcp |
| US | 151.101.0.238:443 | images.squarespace-cdn.com | tcp |
| US | 151.101.0.238:443 | images.squarespace-cdn.com | tcp |
| US | 34.160.236.44:443 | definitions.sqspcdn.com | tcp |
| US | 151.101.192.237:443 | assets.squarespace.com | tcp |
| US | 34.160.236.44:443 | definitions.sqspcdn.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| US | 34.160.236.44:443 | definitions.sqspcdn.com | udp |
| US | 151.101.192.237:443 | assets.squarespace.com | tcp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| US | 35.186.236.0:443 | performance.squarespace.com | tcp |
| US | 104.18.5.160:443 | gamejolt.com | tcp |
| US | 104.18.5.160:443 | gamejolt.com | tcp |
| US | 151.101.65.91:443 | f4.bcbits.com | tcp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 104.18.25.184:443 | s.gjcdn.net | tcp |
| US | 104.18.25.184:443 | s.gjcdn.net | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| US | 104.21.12.135:443 | img.itch.zone | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | udp |
| US | 104.21.12.135:443 | img.itch.zone | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 151.101.129.91:443 | f4.bcbits.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.200.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.6:443 | static.doubleclick.net | tcp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| US | 35.186.236.0:443 | performance.squarespace.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| DE | 52.85.92.67:443 | global.proper.io | tcp |
| DE | 18.155.153.62:443 | api.enthusiastgaming.net | tcp |
| DE | 91.228.74.244:443 | pixel.quantserve.com | tcp |
| GB | 54.230.10.119:443 | vplayer.enthusiastgaming.com | tcp |
| DE | 52.222.191.32:443 | rules.quantcount.com | tcp |
| DE | 52.85.92.67:443 | global.proper.io | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | tcp |
| DE | 18.155.153.79:443 | abcheck.proper.io | tcp |
| DE | 18.155.153.79:443 | abcheck.proper.io | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| GB | 172.217.16.226:443 | securepubads.g.doubleclick.net | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | 79.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| US | 35.241.45.217:443 | pghub.io | tcp |
| GB | 2.22.249.19:443 | pxdrop.lijit.com | tcp |
| DE | 52.85.92.104:443 | sb.scorecardresearch.com | tcp |
| US | 172.217.4.35:443 | csi.gstatic.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 104.18.14.32:443 | download.gamejolt.net | tcp |
| US | 104.18.14.32:443 | download.gamejolt.net | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 104.18.14.32:443 | download.gamejolt.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1fc959921446fa3ab5813f75ca4d0235 |
| SHA1 | 0aeef3ba7ba2aa1f725fca09432d384b06995e2a |
| SHA256 | 1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c |
| SHA512 | 899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06 |
\??\pipe\LOCAL\crashpad_1620_BBJSMRNTVZHGYRSH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e9a2c784e6d797d91d4b8612e14d51bd |
| SHA1 | 25e2b07c396ee82e4404af09424f747fc05f04c2 |
| SHA256 | 18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6 |
| SHA512 | fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 066835006551a8c7097587876bb1d182 |
| SHA1 | 98ac96bb63b5697ccefd57b964b3defc9258716d |
| SHA256 | 48cd5670e5b84fe4a1a3d8e69c2f0c37e0625d6b12bf2f5f9b0bad6148a1b4d5 |
| SHA512 | fe47498251c39f6f9ea601e1a0f0bcd928eeb708e7f9a20e2162f1b4aac4dec498d154e062b8db125a132f8994daa1e89f5e211e335d4ab4b60fde718aefa111 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1c7074015e7100cd100544624838dfae |
| SHA1 | 5d78f5ab0ea3eacc748b01fb8ed1c28f07314a29 |
| SHA256 | b2b8fe21bac9c12b288340e826805bca5d8300742624ca11c0bb91523f0acadf |
| SHA512 | 3744e2a36ff358df6e692a5457199a88898aba4e15e8009ac5329df0303ee0e21e836d5fdb8097bc2f032744c6543a79b3c623356caf258af2729cfdefabfd70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a49d6def2272e0fa1b3dd1db0af41f5c |
| SHA1 | b4b172b1692439f9250de3f2e6b13457fb5cad2c |
| SHA256 | 1584c551070ee745aae399458a36d7eadbfffef2a0078b50bbbe5949a319140b |
| SHA512 | 6a7290840a6624c4039d4857d6ea35f2a6cd49409a26b5155101503cf16a0183bd443d51f0ce01022fec2ae92eb27f6cbf19b50a09fe2a6e8f302f5af90a51a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7d12cfb8a2ec16ac1079d20e51e23b00 |
| SHA1 | 368b819ad39a52ddb318a4d180834653c3546f9b |
| SHA256 | 8920a106c9d559df19b3e18663321ca462657df91543aa7b441aae20b3dbf3c9 |
| SHA512 | f8d5fdbb4060047134319f26316768f13097e6fb1c02038251b6c0b399e419eac9926e7e55715c3bec7b223a40384f872e383c9e5601d26b6993e4dcdb91e28b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b41f0ada26e06730870d282b1f9f4fba |
| SHA1 | 634ef4d06ad48db587f2c1f60e4cffb143808cb5 |
| SHA256 | 3ee779c0c71e06489603834e7294f56702b639147021f691a64f316494505e75 |
| SHA512 | 5d1fdd4a53b03ba1461b9977d13ca02757232e6a2f2bd0ccaa6aeae1634164cdba16f86a942a9cd56e6c1272d6ac1bfd65ff5f344479600c3d9b0c84ca5789ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584f15.TMP
| MD5 | fae357fa082f265fb4d3954a089c1b37 |
| SHA1 | 6a74990241c2ca8577a973c715eb324c4e218473 |
| SHA256 | ece3c18db04128db802c09ff261c7036207e551894becd3f201ef7867ddff7da |
| SHA512 | c36269ed050c94456c34920c3feff11b127d9b7259b4351c87e698a6595037a93d3df03dc261d2b40f1d4571aa442c79b4c477642c72348db2f25afb2e7c0b61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e1ab2227a31fbf0d75a07c57c5a2fb31 |
| SHA1 | a804272f8ca6b314ea642cf118c66ecd93c245e4 |
| SHA256 | 8d6dff1dd908f7fa17e9db731b16d2ac5185f93edf1a215d3e3359898f3ccce2 |
| SHA512 | 170e2634f498e1ab639dda928811f602c408e51580615533a7a3ba0b145ce12e3918f47372f62732678577450f8b57d14149129237e421a0303f672e1f88a5f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 83fb1454a364974c63bc9d5ed5db846e |
| SHA1 | 6f4cacf70d886831df39986f39aef4c8daced806 |
| SHA256 | 612d8d7178476b5af0925685dfb45ec8ea3a8451c31a7e6d1b31b8aebed16a52 |
| SHA512 | ff285650a9f6ecd8099b106ca87a5598048d9a513b9929ae90fb4250c714992559d9338b560a08ec0abae90ed097a31d3fe78b74dc4682087a15b04dd5ddcf21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 114bc1d2f9e61a7e3bf6b990b2221ea5 |
| SHA1 | 917aed1bb03cf84b02c3d551fbd6f7b0397fed07 |
| SHA256 | ad6f919304b9a8d5f148ba2cbd044b4094c701be53044714e76721ffba88b24c |
| SHA512 | 0824a9b9fc497e7a183000c3b25d217a6ddb2a53ae07e3211225f617f44921504d01eb5e7a2f8b34ebe04e698940102f266894555e1fb2eb448fda9e94b9582c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a38b065350beb121373d6af872f2ee3d |
| SHA1 | a850cc3e35f036af229b420949b40fc7587aff48 |
| SHA256 | 75f5d6cda1e53e465ba289ded44d275e194b90c0b6811cc23114aabba2af2ed4 |
| SHA512 | 612ac822381a169e699bad21f4761e6c6d2909a3e731a65faca647d835b5915d5be639701db2f069edfdb0d5b80c3b3210c36d64d118a26ffd299b90e9dafa0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b02bdd630e7702d5681584e4c1bb2040 |
| SHA1 | ff72ac60b593fc588dded87f6ea9b0ae9352b99f |
| SHA256 | 0178d261fe59de6c8c6a59991d4ac5c2674b465915918ab1a3f91345c8c37797 |
| SHA512 | d4386b0e5f3c0d68a640af91d4490bf583fc083ee5d76984b45e0940a28ed16c6dacfd0730282680dd9109a002507ca0fa6e253d32eedee18573bf0a02ad82b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | fb2f02c107cee2b4f2286d528d23b94e |
| SHA1 | d76d6b684b7cfbe340e61734a7c197cc672b1af3 |
| SHA256 | 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a |
| SHA512 | be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 228b4dcb602630295c3e1a4ae6bb5e1f |
| SHA1 | df4d5220f6e3bf6ef4a2787dca844ef7dac1d42d |
| SHA256 | f02c42b0f30b324a482cb0f2694ac662412218715068fe59d3d0efd3a19f3bdf |
| SHA512 | 995a74bd28638953ceced235b5089c74177d985e298d900f0165acf6266a32f400abe103a0e463c9631f7a2c72c7c79a2f9214e6fe4ec3940ac0da8fac660f50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 770fc38a6aed405afcd96f4d19f93f64 |
| SHA1 | 8d1f9870eb96ebe3484f0e8cf4d710259cd9c3ca |
| SHA256 | ba60076a0cc9c6ad32e83a6d362c61913e323399fea94b803a0de8adb6ce8cce |
| SHA512 | a205964282db6afb7230b63154f6f7b524c5739650ee9e2d9c2c965562cfc5a85db059b44c768cf13add092dd4f5a07c4afc646e6a1db1c445a5b20c15882649 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 10dbd81025bd7e4ede6c538d63cd6056 |
| SHA1 | 72887a95ee239ef820f7e79cf9114df5f86199ab |
| SHA256 | f2098fb0c4854c0b339513397599622e996740317add8f8315c4aa1f0496fbd2 |
| SHA512 | 4982d009b99f580f9a8f8de94d288a05542746a6ecba7ca61f28733ebcdefc70f29350e7b51c453303430cd1071b026c320258460f070f07e283f3626bb4a476 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 5d3ce42109b12727912b41cecfbd88e4 |
| SHA1 | cd7569d3445b6def68022bedd0605ed8085daf4a |
| SHA256 | 11efa3a564b8d77be5dd2893fcfefa3de3bbe6e37849810ff84f5d3365d13c27 |
| SHA512 | e2c3b8c9d28a124b53b6394ecdddbbbddc352ee07a563f4a3ebfc60419a23f8a41c83180e1f802aff046d2fd3a4ba60441f346ed06d90f1ed5acb9ebbdf1d40f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | cd74fa4f0944963c0908611fed565d9b |
| SHA1 | c18033d8679d742e2aab1d6c88c28bd8f8a9e10d |
| SHA256 | e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804 |
| SHA512 | b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f627143985aea6ee468067c4d5839919 |
| SHA1 | f539bde50ddf7bf578088761248b0ab39fdbe4c3 |
| SHA256 | 1e170d7f5be47a5de9ef1d8965567702a954ece5d77528f3af80e58cbb548494 |
| SHA512 | e812f42df76851481d33daea4964f3c6a145ed14f50a5869b1ca76335bb3ed4b5384f59a3298bc7f3e3d4b7f234f9457c058e8e3756adcfe2e4096cb13176370 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57444b9f252a2c5a8234d6e2183ab41c |
| SHA1 | b2eb67fa90c5e0f14216d3128b34c6090c677958 |
| SHA256 | 8adc3a49f8cb3996d76c28d949a721d17727d9961e0a9b6e6a0194606f6ba5af |
| SHA512 | 593960efe309ac2c3e0e601cf078145be6636efc97fff786fc2ff483cd328b24c33fbc1a9e545d16ba568436908ae41c253da122498acff61c500cbb0a9e3b09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_gamejolt.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e3c6bf8a04efe4e8f5aab6305345e521 |
| SHA1 | 751a74036e4b253443d9a68f0ed4e4903a22d03c |
| SHA256 | a7b5e2672246979fb068af043dac750473e7258fa8cb89310f9ec3c77e0d61b1 |
| SHA512 | 9bb89f32bd1fe83d7e6dc961de28db9cb26f76048b039ece9af985d2ff13725865624fd82cc4594a62144f45ad0864b3ed8fb712cd1939e85d86b2c209832650 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c430057b2c26fc94e4c71642679526dd |
| SHA1 | 13b26352372b19649b07c972ea017e1f3e87e209 |
| SHA256 | 578a896eabadf7ff7639e0edeedb3e4063958f807fec475a6d470c91a46008ab |
| SHA512 | 5fa96d2cd69e260e5ce49b3b92657510d05e4d6f9d1b94adbba7de4347a13ec20a55dc4f1544ee3befc3a5f0cb22e1701af8356c613b0e36a04b05722b13ff9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6ffaffbd1775285b64784fe2fc67672 |
| SHA1 | 4dda0abc12a4f1d5822a9bb7285224a69ae0393f |
| SHA256 | 99bdb89d8c7bdf1986266a514240dda8520801032fa87c300bf3e393e7e3a6cf |
| SHA512 | 3fc98728b08474c882a70eeebb74f7da52ead4413bc71939805156d16bf54c6c0632bc6429da5db6c44a62cb09473f6e7ccfa95c00424dec7541ff2e479b767f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 124ed0204d66166ab8325b885ad0b77e |
| SHA1 | 8ad1d594fb638f43341ad63f3d6ae3c82a39193d |
| SHA256 | 4d615839a56b9e393fb741642f00d552138e159e4169726e7dedfc493ef7ef68 |
| SHA512 | 182e7c6b04af526eeb09ffb4406c0b3a430f320f2b2e2776ba292c0a79c0c9e25669bbc4b1cd38384026efcc8647d95212daa7d48627b2e2d537ead63ba1f5fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | afbb696e13b979f98e0ab7db39125a1d |
| SHA1 | 62c661bbb674f067965338a1843288e0ee915049 |
| SHA256 | 3451e97f0bbc4391b75709d8de27b5faeaec0b5e78e522fb6d7e2861a8a01ad2 |
| SHA512 | 9df4bcb662b176f04c85643bbcd5a93a2366357ce1e72ffe1b453fd8b3392d445318fdd7d54d4e336ed144bc72d39712886917815296ea98b34828a05aba2a65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091
| MD5 | 745f9be818c29d89689c2346017f4734 |
| SHA1 | 807a0aca4526846924ae0bcbcfe1a3bb6d091efa |
| SHA256 | 081d2ba1c0cf42df4678992042583ddf82089ba9a951c138880e68b4a30e4789 |
| SHA512 | 5c5e396a9ea506e02c8c140dc02202577390b7eae9e470b8ebde32d7699c108bad54f74fa122495d5fcb2f355a4aa5969a388a8b7c47cbf80a79249cadd5459e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ba710bdf280162f4028b9978833fb2c4 |
| SHA1 | 1a619417e7795a3dc3c33675580de8e8b4ae62e1 |
| SHA256 | 4e44cc967d2de8feb48aae2e00431bc426ca4f1fc7359884a7641dc84d11327c |
| SHA512 | 237280ddb70891266c9056f1c3cef4f7312934dc6da076e745e6e3d0a439d0e8371e690c554e07e6c2855008f8f83a58a813d8fb89ae4060d1312a017d0eda50 |
C:\Users\Admin\Downloads\baldi-1.4.3-windows-64bit.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\Downloads\baldi-1.4.3-windows-64bit.zip
| MD5 | 10f17c18e109b9863b77f10d7705ad7f |
| SHA1 | 212c9282bf713f87395dc50c22f42947983bf673 |
| SHA256 | 05749589c32365bc50969aa717430c65ff3a25fbb7b3bb019b1fc4d221147d1b |
| SHA512 | 5f01c9f6f43a9e3f67d33de639123170ea663861fe96f393f39fec5f579e4b07279d5d54e18c108f4e9e2fc945560a217160ccd27eae0fd20e562f57fe865b5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 877d42b0b935d25530ff945fad125c06 |
| SHA1 | a8f1f8cad0f96ab204749bea49b7e7f5c6975abe |
| SHA256 | 476c9853205466217d931cc61f976684aaa186db6ece695647f1d88c663988e3 |
| SHA512 | 874689470ca430f11dbd42581ba9a266cd5ff563326dd888040925522a7da138581059f06314394679eabe0841f5875fb17700342bb820381c88148ee846c7ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 51ae2427e2068ab83349ae6dade0e58b |
| SHA1 | 21a35fccfd5dfb7f428992a38954571c62303442 |
| SHA256 | 0dc830d695ede7edbe31163c709931680d159239fe1ed6ef4c7016a3b91020ae |
| SHA512 | 82e340b2fb931d4f9d93b4447fc39933408faf2335be4bbcae0d73e1204ccdc942ab4b1ec48ccdb36cc398feda8d4fb4a7bd306ccfe98a399ea6d2a39faac96f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cde8a45f9d728203896489411f9bdaf4 |
| SHA1 | fec071a4880a3266b4e1c0932853b8fc722ebc66 |
| SHA256 | 6bf94a38de4182f0264a9271527a94cf928d9b4b235d4eaddd74390aa3697449 |
| SHA512 | 7a44aed585689c9a4f8ac3fef5caa27280216b1f5b7ca1652462d2b6f37a3e794fd628f31cff6fbabf6bd9234ad953353c3c19c0f151cb7189f0db3d891bb90c |