Malware Analysis Report

2025-03-14 21:43

Sample ID 250113-ms8a9aypes
Target https://www.tiktok.com/tag/polarissportsman570?lang=en
Tags
google steam discovery persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.tiktok.com/tag/polarissportsman570?lang=en was found to be: Known bad.

Malicious Activity Summary

google steam discovery persistence phishing spyware stealer

Detected google phishing page

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Reads local data of messenger clients

Adds Run key to start application

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Detected potential entity reuse from brand STEAM.

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Program crash

Browser Information Discovery

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks processor information in registry

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies registry key

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-13 10:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-13 10:44

Reported

2025-01-13 10:59

Platform

win10v2004-20241007-en

Max time kernel

847s

Max time network

846s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.tiktok.com/tag/polarissportsman570?lang=en

Signatures

Detected google phishing page

phishing google

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\DiscordSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\Downloads\DiscordSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\DiscordSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\Downloads\DiscordSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Reads local data of messenger clients

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r1_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\shaders\D3D9Overlay.cso_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_touch_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_050_menu_0307.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_060_vehicle_0090.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_r_click_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0319.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_home.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\SteamLoginDialog.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\bins_codecs_win32.zip.vz.a7f87baba9068542650f4733de1eec6325d55791_5615796 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_touch_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\cloud_pending_sessions_dialog.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l2_soft_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steamclean_english.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_lfn_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_right_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_mouse_mid_click_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_rb_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_latam.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\settingsdialog.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_french-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0303.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0326.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\icon_gift.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_touch.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_rt_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l5_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\css\chunk~1a96cdf59.css_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_045_move_0170.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_down_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_touch_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0301.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_r_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_outlined_button_y_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\ui_steam_smoother_friend_join.m4a_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0160.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0130.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\tabSquareTopLeft.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_thai.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_up_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\SettingsSubOverlay.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\listview_placeholder1.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_swipe_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_touch_tap_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_l2_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_p3_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l4_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_left_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\c19.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_greek.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_brazilian.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_brazilian.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_button_menu_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_left_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\friendpanel_compact.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Joke\Flasher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DiscordSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Joke\Avoid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Discord\Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\Avoid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Joke\Launcher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DiscordSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DiscordSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Joke\Curfun.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Joke\CrazyNCS.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\DiscordSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Joke\Hydra.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Joke\Avoid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord\URL Protocol C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord\shell\open C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord\shell\open\command C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{381344EC-8314-41D6-8699-61B0D41C087B} C:\Users\Admin\Desktop\Joke\ChilledWindows.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord\ = "URL:Discord Protocol" C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord\shell C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9177\\Discord.exe\",-1" C:\Windows\System32\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord\DefaultIcon C:\Windows\System32\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9177\\Discord.exe\" --url -- \"%1\"" C:\Windows\System32\reg.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A
N/A N/A C:\Windows\System32\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 846284.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 573886.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 821432.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Users\Admin\Desktop\Joke\DesktopBoom.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2400 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 3520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2400 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.tiktok.com/tag/polarissportsman570?lang=en

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd64e246f8,0x7ffd64e24708,0x7ffd64e24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4e8 0x3ec

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5448 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7756 /prefetch:8

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe" --squirrel-install 1.0.9177

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9177 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=32.2.7 --initial-client-data=0x51c,0x524,0x528,0x520,0x52c,0x7ff7b8696bb0,0x7ff7b8696bbc,0x7ff7b8696bc8

C:\Users\Admin\AppData\Local\Discord\Update.exe

C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1960,i,14054625871935246350,1077656310688624170,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1952 /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --field-trial-handle=2328,i,14054625871935246350,1077656310688624170,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:3

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe\",-1" /f

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\Discord.exe\" --url -- \"%1\"" /f

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7624 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=14412" "-buildid=1733265492" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1733265492 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ffd50e3af00,0x7ffd50e3af0c,0x7ffd50e3af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,1176576469398316912,7933088477342531535,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2216,i,1176576469398316912,7933088477342531535,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2220 --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=2860,i,1176576469398316912,7933088477342531535,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2864 --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,1176576469398316912,7933088477342531535,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3144 --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3796,i,1176576469398316912,7933088477342531535,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3780 --mojo-platform-channel-handle=3812 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3992,i,1176576469398316912,7933088477342531535,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3996 --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1733265492 --steamid=0 --field-trial-handle=4360,i,1176576469398316912,7933088477342531535,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3816 --mojo-platform-channel-handle=2056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4201971672996364809,7014533741657677821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\Avoid.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\Avoid.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7596 -ip 7596

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault36bf467dh767ch450dha3f4h856bde652adc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd64e246f8,0x7ffd64e24708,0x7ffd64e24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17649372101374741550,5273631234429040280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17649372101374741550,5273631234429040280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe

"C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 9672 -ip 9672

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 1556

C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe

"C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 9964 -ip 9964

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 1528

C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe

"C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 10072 -ip 10072

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 1540

C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe

"C:\Users\Admin\Desktop\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 10208 -ip 10208

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 1528

C:\Users\Admin\Desktop\Joke\Avoid.exe

"C:\Users\Admin\Desktop\Joke\Avoid.exe"

C:\Users\Admin\Desktop\Joke\Flasher.exe

"C:\Users\Admin\Desktop\Joke\Flasher.exe"

C:\Users\Admin\Desktop\Joke\Hydra.exe

"C:\Users\Admin\Desktop\Joke\Hydra.exe"

C:\Users\Admin\Desktop\Joke\Launcher.exe

"C:\Users\Admin\Desktop\Joke\Launcher.exe"

C:\Users\Admin\Desktop\Joke\Melting.exe

"C:\Users\Admin\Desktop\Joke\Melting.exe"

C:\Users\Admin\Desktop\Joke\Avoid.exe

"C:\Users\Admin\Desktop\Joke\Avoid.exe"

C:\Users\Admin\Desktop\Joke\ChilledWindows.exe

"C:\Users\Admin\Desktop\Joke\ChilledWindows.exe"

C:\Users\Admin\Desktop\Joke\CookieClickerHack.exe

"C:\Users\Admin\Desktop\Joke\CookieClickerHack.exe"

C:\Users\Admin\Desktop\Joke\CrazyNCS.exe

"C:\Users\Admin\Desktop\Joke\CrazyNCS.exe"

C:\Users\Admin\Desktop\Joke\Curfun.exe

"C:\Users\Admin\Desktop\Joke\Curfun.exe"

C:\Users\Admin\Desktop\Joke\DesktopBoom.exe

"C:\Users\Admin\Desktop\Joke\DesktopBoom.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 www.tiktok.com udp
FR 23.33.27.75:443 www.tiktok.com tcp
US 8.8.8.8:53 sf16-website-login.neutral.ttwstatic.com udp
FR 95.101.134.203:443 sf16-website-login.neutral.ttwstatic.com tcp
FR 95.101.134.203:443 sf16-website-login.neutral.ttwstatic.com tcp
FR 95.101.134.203:443 sf16-website-login.neutral.ttwstatic.com tcp
FR 95.101.134.203:443 sf16-website-login.neutral.ttwstatic.com tcp
FR 95.101.134.203:443 sf16-website-login.neutral.ttwstatic.com tcp
FR 95.101.134.203:443 sf16-website-login.neutral.ttwstatic.com tcp
FR 95.101.134.203:443 sf16-website-login.neutral.ttwstatic.com tcp
US 8.8.8.8:53 75.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 203.134.101.95.in-addr.arpa udp
US 8.8.8.8:53 mon16-normal-no1a.tiktokv.eu udp
FR 23.33.27.81:443 mon16-normal-no1a.tiktokv.eu tcp
US 8.8.8.8:53 mcs16-normal-no1a.tiktokw.eu udp
US 8.8.8.8:53 libraweb-ttp2.tiktokw.eu udp
FR 23.33.27.91:443 mcs16-normal-no1a.tiktokw.eu tcp
FR 23.33.27.66:443 libraweb-ttp2.tiktokw.eu tcp
FR 23.33.27.91:443 mcs16-normal-no1a.tiktokw.eu tcp
US 8.8.8.8:53 81.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 66.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 91.27.33.23.in-addr.arpa udp
FR 23.33.27.91:443 mcs16-normal-no1a.tiktokw.eu tcp
US 8.8.8.8:53 storage.googleapis.com udp
GB 172.217.16.251:443 storage.googleapis.com tcp
GB 172.217.16.251:443 storage.googleapis.com udp
US 8.8.8.8:53 mon-i18n.tiktokv.com udp
GB 71.18.4.241:443 mon-i18n.tiktokv.com tcp
US 8.8.8.8:53 lf16-tiktok-common.ibytedtos.com udp
FR 23.33.27.112:443 lf16-tiktok-common.ibytedtos.com tcp
FR 23.33.27.112:443 lf16-tiktok-common.ibytedtos.com tcp
FR 23.33.27.112:443 lf16-tiktok-common.ibytedtos.com tcp
FR 23.33.27.75:443 libraweb-ttp2.tiktokw.eu tcp
US 8.8.8.8:53 251.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 241.4.18.71.in-addr.arpa udp
US 8.8.8.8:53 sf16-sg.tiktokcdn.com udp
FR 95.101.134.96:443 sf16-sg.tiktokcdn.com tcp
US 8.8.8.8:53 webmssdk16-normal-no1a.tiktokw.eu udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 stun.l.google.com udp
FR 23.33.27.74:443 webmssdk16-normal-no1a.tiktokw.eu tcp
US 74.125.250.129:19302 stun.l.google.com udp
US 8.8.8.8:53 112.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 96.134.101.95.in-addr.arpa udp
US 8.8.8.8:53 129.250.125.74.in-addr.arpa udp
US 8.8.8.8:53 74.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 mon.tiktokv.com udp
FR 95.100.203.200:443 mon.tiktokv.com tcp
US 74.125.250.129:19302 stun.l.google.com udp
FR 95.100.203.200:443 mon.tiktokv.com tcp
FR 23.33.27.81:443 mon16-normal-no1a.tiktokv.eu tcp
US 8.8.8.8:53 200.203.100.95.in-addr.arpa udp
FR 23.33.27.81:443 mon16-normal-no1a.tiktokv.eu tcp
US 8.8.8.8:53 p16-sign-va.tiktokcdn.com udp
US 8.8.8.8:53 v16-webapp-prime.tiktok.com udp
FR 23.33.27.80:443 v16-webapp-prime.tiktok.com tcp
US 8.8.8.8:53 p16-pu-sign-no.tiktokcdn-eu.com udp
US 8.8.8.8:53 p16-sign-useast2a.tiktokcdn.com udp
US 8.8.8.8:53 p77-sign-va.tiktokcdn.com udp
FR 23.33.27.96:443 p16-pu-sign-no.tiktokcdn-eu.com tcp
FR 23.33.27.96:443 p16-pu-sign-no.tiktokcdn-eu.com tcp
GB 84.17.50.53:443 p77-sign-va.tiktokcdn.com tcp
GB 84.17.50.53:443 p77-sign-va.tiktokcdn.com tcp
US 8.8.8.8:53 p16-sign-sg.tiktokcdn.com udp
US 8.8.8.8:53 80.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 96.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 53.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 webcast.tiktok.com udp
FR 95.100.200.144:443 webcast.tiktok.com tcp
US 8.8.8.8:53 p16-sign.tiktokcdn-us.com udp
US 23.38.167.232:443 p16-sign.tiktokcdn-us.com tcp
US 8.8.8.8:53 144.200.100.95.in-addr.arpa udp
US 8.8.8.8:53 232.167.38.23.in-addr.arpa udp
US 8.8.8.8:53 s20.tiktokcdn.com udp
US 8.8.8.8:53 p16-va.tiktokcdn.com udp
US 8.8.8.8:53 v16.tiktokcdn.com udp
US 8.8.8.8:53 starling-ttp2.tiktokv.eu udp
US 8.8.8.8:53 mcs-ie2.tiktokw.eu udp
GB 71.18.4.241:443 mon-i18n.tiktokv.com tcp
FR 23.33.27.81:443 mcs-ie2.tiktokw.eu tcp
US 8.8.8.8:53 p77-sign-sg.tiktokcdn.com udp
GB 84.17.50.53:443 p77-sign-sg.tiktokcdn.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 p16-pu-sign-useast8.tiktokcdn-us.com udp
US 23.38.167.145:443 p16-pu-sign-useast8.tiktokcdn-us.com tcp
US 8.8.8.8:53 145.167.38.23.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
FR 23.33.27.80:443 v16-webapp-prime.tiktok.com tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
FR 95.100.200.115:443 www.bing.com tcp
FR 95.100.200.115:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
FR 95.100.200.113:443 r.bing.com tcp
FR 95.100.200.113:443 r.bing.com tcp
FR 95.100.200.107:443 r.bing.com tcp
FR 95.100.200.107:443 r.bing.com tcp
US 8.8.8.8:53 115.200.100.95.in-addr.arpa udp
US 8.8.8.8:53 113.200.100.95.in-addr.arpa udp
US 8.8.8.8:53 107.200.100.95.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.64:443 login.microsoftonline.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 poki.com udp
US 104.18.143.9:443 poki.com tcp
US 104.18.143.9:443 poki.com tcp
US 8.8.8.8:53 img.poki-cdn.com udp
US 8.8.8.8:53 a.poki-cdn.com udp
US 172.64.153.109:443 a.poki-cdn.com tcp
US 172.64.153.109:443 a.poki-cdn.com tcp
US 172.64.153.109:443 a.poki-cdn.com tcp
US 172.64.153.109:443 a.poki-cdn.com tcp
US 172.64.153.109:443 a.poki-cdn.com tcp
US 172.64.153.109:443 a.poki-cdn.com tcp
US 172.64.153.109:443 a.poki-cdn.com tcp
US 8.8.8.8:53 9.143.18.104.in-addr.arpa udp
US 8.8.8.8:53 109.153.64.172.in-addr.arpa udp
US 172.64.153.109:443 a.poki-cdn.com tcp
US 8.8.8.8:53 t.poki.io udp
US 34.120.56.101:443 t.poki.io tcp
US 34.120.56.101:443 t.poki.io tcp
US 34.120.56.101:443 t.poki.io tcp
US 104.18.143.9:443 poki.com tcp
US 8.8.8.8:53 v.poki-cdn.com udp
US 8.8.8.8:53 101.56.120.34.in-addr.arpa udp
US 34.120.56.101:443 t.poki.io udp
US 8.8.8.8:53 api.poki.com udp
US 8.8.8.8:53 game-cdn.poki.com udp
US 8.8.8.8:53 games.poki.com udp
US 8.8.8.8:53 5dd30ab4-015f-11ea-ad56-9cb6d0d995f7.poki-gdn.com udp
US 104.18.42.70:443 5dd30ab4-015f-11ea-ad56-9cb6d0d995f7.poki-gdn.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
GB 216.58.201.106:443 imasdk.googleapis.com tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
GB 216.58.201.106:443 imasdk.googleapis.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 devs-api.poki.com udp
GB 216.58.204.70:443 s0.2mdn.net tcp
US 8.8.8.8:53 58c2f51ae0d84addf740cf0c29d7817d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 172.217.169.1:443 58c2f51ae0d84addf740cf0c29d7817d.safeframe.googlesyndication.com tcp
GB 172.217.16.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 216.58.201.97:443 ep2.adtrafficquality.google tcp
GB 216.58.201.97:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 70.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
GB 172.217.16.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 p16-sign-useast2a.tiktokcdn.com udp
US 8.8.8.8:53 p16-sign-va.tiktokcdn.com udp
US 8.8.8.8:53 p77-sign-va-lite.tiktokcdn.com udp
FR 95.100.202.210:443 p16-sign-va.tiktokcdn.com tcp
FR 95.100.202.210:443 p16-sign-va.tiktokcdn.com tcp
FR 95.100.202.184:443 p16-sign-useast2a.tiktokcdn.com tcp
GB 84.17.50.39:443 p77-sign-va-lite.tiktokcdn.com tcp
US 8.8.8.8:53 p16-pu-sign-no.tiktokcdn-eu.com udp
FR 95.100.203.177:443 p16-pu-sign-no.tiktokcdn-eu.com tcp
US 8.8.8.8:53 39.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 184.202.100.95.in-addr.arpa udp
US 8.8.8.8:53 210.202.100.95.in-addr.arpa udp
US 8.8.8.8:53 177.203.100.95.in-addr.arpa udp
US 8.8.8.8:53 www.tiktok.com udp
US 8.8.8.8:53 p16-sign-sg.tiktokcdn.com udp
US 8.8.8.8:53 p19-sign.tiktokcdn-us.com udp
US 199.232.38.73:443 p19-sign.tiktokcdn-us.com tcp
US 8.8.8.8:53 73.38.232.199.in-addr.arpa udp
US 8.8.8.8:53 p16-sign.tiktokcdn-us.com udp
US 23.223.209.9:443 p16-sign.tiktokcdn-us.com tcp
US 8.8.8.8:53 9.209.223.23.in-addr.arpa udp
US 8.8.8.8:53 sf16-website-login.neutral.ttwstatic.com udp
FR 95.100.202.218:443 sf16-website-login.neutral.ttwstatic.com tcp
US 8.8.8.8:53 218.202.100.95.in-addr.arpa udp
US 8.8.8.8:53 mon16-normal-no1a.tiktokv.eu udp
FR 23.33.27.81:443 mon16-normal-no1a.tiktokv.eu tcp
US 8.8.8.8:53 v16-webapp.tiktok.com udp
FR 23.33.27.82:443 v16-webapp.tiktok.com tcp
US 8.8.8.8:53 82.27.33.23.in-addr.arpa udp
FR 23.33.27.81:443 mon16-normal-no1a.tiktokv.eu tcp
US 8.8.8.8:53 mcs-ie.tiktokw.eu udp
FR 23.33.27.88:443 mcs-ie.tiktokw.eu tcp
US 8.8.8.8:53 web-va.tiktok.com udp
FR 95.100.200.123:443 web-va.tiktok.com tcp
US 8.8.8.8:53 us.tiktok.com udp
US 8.8.8.8:53 web-i18n.tiktok.com udp
FR 23.33.27.112:443 us.tiktok.com tcp
FR 23.33.27.112:443 us.tiktok.com tcp
FR 95.100.200.123:443 web-i18n.tiktok.com tcp
FR 95.100.200.65:443 web-i18n.tiktok.com tcp
US 8.8.8.8:53 v16-webapp-prime.tiktok.com udp
FR 95.100.203.178:443 v16-webapp-prime.tiktok.com tcp
US 8.8.8.8:53 88.27.33.23.in-addr.arpa udp
US 8.8.8.8:53 123.200.100.95.in-addr.arpa udp
US 8.8.8.8:53 65.200.100.95.in-addr.arpa udp
US 8.8.8.8:53 178.203.100.95.in-addr.arpa udp
US 8.8.8.8:53 m.tiktok.com udp
FR 95.100.203.218:443 m.tiktok.com tcp
US 8.8.8.8:53 218.203.100.95.in-addr.arpa udp
US 8.8.8.8:53 webmssdk16-normal-no1a.tiktokw.eu udp
FR 23.33.27.74:443 webmssdk16-normal-no1a.tiktokw.eu tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
FR 95.100.200.98:443 th.bing.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 98.200.100.95.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.prod.website-files.com udp
US 8.8.8.8:53 cdn.localizeapi.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 104.18.160.117:443 cdn.prod.website-files.com tcp
US 172.67.41.53:443 cdn.localizeapi.com tcp
GB 172.217.169.10:443 ajax.googleapis.com tcp
GB 172.217.169.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
NL 108.156.61.73:443 d3e54v103j8qbb.cloudfront.net tcp
US 104.18.160.117:443 cdn.prod.website-files.com tcp
US 104.18.160.117:443 cdn.prod.website-files.com tcp
US 104.18.160.117:443 cdn.prod.website-files.com tcp
US 104.18.160.117:443 cdn.prod.website-files.com tcp
US 104.18.160.117:443 cdn.prod.website-files.com tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 117.160.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 73.61.156.108.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 geolocation.onetrust.com udp
GB 172.217.169.78:443 www.youtube.com tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
GB 172.217.169.10:443 ajax.googleapis.com udp
US 8.8.8.8:53 stable.dl2.discordapp.net udp
US 34.126.226.51:443 stable.dl2.discordapp.net tcp
US 8.8.8.8:53 51.226.126.34.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
FR 95.100.200.99:443 r.bing.com tcp
US 8.8.8.8:53 99.200.100.95.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 store.steampowered.com udp
FR 2.22.57.122:443 store.steampowered.com tcp
FR 2.22.57.122:443 store.steampowered.com tcp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 122.57.22.2.in-addr.arpa udp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 151.101.67.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 151.101.67.52:443 cdn.fastly.steamstatic.com tcp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 8.8.8.8:53 52.67.101.151.in-addr.arpa udp
US 8.8.8.8:53 52.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 52.131.101.151.in-addr.arpa udp
FR 2.22.57.122:443 store.steampowered.com tcp
FR 2.22.57.122:443 store.steampowered.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.23.210.82:80 r11.o.lencr.org tcp
US 8.8.8.8:53 26.58.22.2.in-addr.arpa udp
US 8.8.8.8:53 82.210.23.2.in-addr.arpa udp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
FR 95.100.202.16:443 aefd.nelreports.net tcp
FR 95.100.202.16:443 aefd.nelreports.net tcp
US 8.8.8.8:53 16.202.100.95.in-addr.arpa udp
US 8.8.8.8:53 test.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
GB 2.19.117.24:80 test.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 24.117.19.2.in-addr.arpa udp
N/A 127.0.0.1:63088 tcp
N/A 127.0.0.1:63072 tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.131.75:443 api.steampowered.com tcp
US 8.8.8.8:53 75.131.82.104.in-addr.arpa udp
US 8.8.8.8:53 cmp2-gru1.steamserver.net udp
BR 155.133.227.58:27019 cmp2-gru1.steamserver.net tcp
US 8.8.8.8:53 cmp1-gru1.steamserver.net udp
BR 155.133.227.42:27020 cmp1-gru1.steamserver.net tcp
BR 155.133.227.58:443 cmp2-gru1.steamserver.net tcp
US 8.8.8.8:53 ext2-eze1.steamserver.net udp
AR 155.133.255.164:27019 ext2-eze1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.82:80 e5.o.lencr.org tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.82:80 e6.o.lencr.org tcp
US 8.8.8.8:53 58.227.133.155.in-addr.arpa udp
US 8.8.8.8:53 42.227.133.155.in-addr.arpa udp
US 8.8.8.8:53 164.255.133.155.in-addr.arpa udp
AR 155.133.255.164:27028 ext2-eze1.steamserver.net tcp
US 8.8.8.8:53 ext1-eze1.steamserver.net udp
AR 155.133.255.100:443 ext1-eze1.steamserver.net tcp
US 8.8.8.8:53 ext1-scl1.steamserver.net udp
CL 155.133.249.180:27021 ext1-scl1.steamserver.net tcp
CL 155.133.249.180:27038 ext1-scl1.steamserver.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 ext2-scl1.steamserver.net udp
CL 155.133.249.164:443 ext2-scl1.steamserver.net tcp
US 8.8.8.8:53 ext1-lim1.steamserver.net udp
PE 155.133.244.34:27024 ext1-lim1.steamserver.net tcp
US 8.8.8.8:53 180.249.133.155.in-addr.arpa udp
US 8.8.8.8:53 100.255.133.155.in-addr.arpa udp
US 8.8.8.8:53 cmp2-iad1.steamserver.net udp
US 162.254.192.99:27020 cmp2-iad1.steamserver.net tcp
US 8.8.8.8:53 cmp2-sea1.steamserver.net udp
US 205.196.6.133:443 cmp2-sea1.steamserver.net tcp
US 8.8.8.8:53 164.249.133.155.in-addr.arpa udp
US 8.8.8.8:53 34.244.133.155.in-addr.arpa udp
US 8.8.8.8:53 99.192.254.162.in-addr.arpa udp
US 8.8.8.8:53 133.6.196.205.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
FR 2.22.57.122:443 store.steampowered.com tcp
US 104.18.42.105:443 tcp
US 104.18.42.105:443 tcp
US 104.18.42.105:443 tcp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 104.19.230.21:443 udp
US 104.18.42.105:443 tcp
US 104.19.230.21:443 tcp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 104.19.230.21:443 udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 2.22.249.66:443 th.bing.com tcp
US 8.8.8.8:53 66.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 mail.google.com udp
GB 142.250.180.5:80 mail.google.com tcp
GB 142.250.180.5:80 mail.google.com tcp
GB 142.250.180.5:443 mail.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 5.180.250.142.in-addr.arpa udp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 84.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
GB 216.58.204.67:443 tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 p2p-iad1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.131.75:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp2-sgp1.steamserver.net udp
SG 103.10.124.5:27020 cmp2-sgp1.steamserver.net tcp
SG 103.10.124.5:27018 cmp2-sgp1.steamserver.net tcp
SG 103.10.124.5:443 cmp2-sgp1.steamserver.net tcp
US 8.8.8.8:53 cmp2-hkg1.steamserver.net udp
HK 103.28.54.101:27022 cmp2-hkg1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.75:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cmp3-hkg1.steamserver.net udp
HK 103.28.54.102:27022 cmp3-hkg1.steamserver.net tcp
HK 103.28.54.102:443 cmp3-hkg1.steamserver.net tcp
US 8.8.8.8:53 cmp1-tyo3.steamserver.net udp
JP 45.121.184.100:27020 cmp1-tyo3.steamserver.net tcp
JP 45.121.184.100:27019 cmp1-tyo3.steamserver.net tcp
US 8.8.8.8:53 5.124.10.103.in-addr.arpa udp
US 8.8.8.8:53 101.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 75.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
JP 45.121.184.100:443 cmp1-tyo3.steamserver.net tcp
US 8.8.8.8:53 cmp1-lax1.steamserver.net udp
US 162.254.195.69:443 cmp1-lax1.steamserver.net tcp
US 8.8.8.8:53 cmp2-lax1.steamserver.net udp
US 162.254.195.75:27018 cmp2-lax1.steamserver.net tcp
US 8.8.8.8:53 cmp2-ord1.steamserver.net udp
US 162.254.193.75:27018 cmp2-ord1.steamserver.net tcp
US 8.8.8.8:53 100.184.121.45.in-addr.arpa udp
US 8.8.8.8:53 102.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 p2p-ord1.discovery.steamserver.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 69.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 75.193.254.162.in-addr.arpa udp
US 8.8.8.8:53 75.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 146.117.19.2.in-addr.arpa udp
GB 216.58.204.67:443 udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.167:443 th.bing.com tcp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
GB 92.123.128.167:443 th.bing.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.111.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
GB 92.123.128.167:443 th.bing.com tcp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
FR 95.100.202.75:443 aefd.nelreports.net udp
US 8.8.8.8:53 75.202.100.95.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

\??\pipe\LOCAL\crashpad_2400_JZECTYAPORYCCDHF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa36bd29ab44ecb239cf99826c10587d
SHA1 1e6cb777e567f82a189c65d03e8dcf3a421a3d88
SHA256 55d714d9f580530272075b5e30ccf26e5e97400f9dfedba124b08e60e32589b4
SHA512 c7b6269b8dbfc3935f36a85824aae96f98c3d116eea0dbc399a9a3217a706e49bece17653087647e59281d1230a0129ef703cee44e54767f0e9b0cbb8cf39a21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

MD5 7b414273622fa054a382408528b76504
SHA1 3bd4f9520e848424603517ccd2f18f0769b1c922
SHA256 7baf451bd186c876a7905eabc19ce0acd0eca653fff502e94d970b941564c381
SHA512 e9eee01af0c3db438a6a00f61c2f08132c0952de031066fb02a44a325ef54eeee0d204eda793506d489ea63015a344f6f457701199a7459a74db4f1cf68b8838

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe578964.TMP

MD5 397050ee14989bff52677a962ef8781a
SHA1 a3c7e94a670a88553bfd1935df13ed353af43d4f
SHA256 dfc9df5bac669b89120cc8740f1f5258e3bee7f2ed49267a8a3f38eba09c25a7
SHA512 c58dc2e4dac2bd46b6cb2b26ff05deee55418ac50cc5340e472de634c531c93863d800f645a99fd243fe2478e272f67590c161a41b46b91cfd1228a4dbcaaffc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 5e53ed25086aaa0d3337101b741466ae
SHA1 08b6244aa107201b2b4e6e76ce4c123dcacda182
SHA256 5ac2037030385ad8cf10e486b44475d778eef2e2a377751fbf3c938fd3991b1c
SHA512 7c90e1b48ee9a1dc112bc1921e2a42f4d329d734be246ed488aaead60ff14e2581580e6629bd2b24c109cb66279190df3ee494eb83d1b96f418886cd72f2747a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 fdf2600d905a0faa060d691e0212e1a7
SHA1 62550f0993a219e265ff9a0795a4d9f49b28748f
SHA256 52a37b3a78eb5b59df3bdb129b9115c6fed9bec6ca62b55ae56d8c2701de5972
SHA512 7118d2ea3aafe3d77709842da20acbe3faaf4c6c92a50ab05ecd4986916bbb92fe297a1b00357572683b02c61762cdf31dc425f03221dd169803252db5f04f7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d7e464fe27eed47bcdbd57ac19c3157b
SHA1 53fca433d88d110d2b21d3e2a5e2149471fcfbee
SHA256 2e132903d9fe3506f98e9634048f8e3d5cfc886ed8bf8e9b144ab2e16b9d0f98
SHA512 e07691306f4941b6b19693e80a4d9ecd2ea7fb95c13bd1d07082d530742208d8e94d3b5301a080d28d6a6088a98bafc7269ee648b86bf53074a96286594a1007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 347391463ce1794b767747ed48ad0201
SHA1 4252b632203e8c047e1cb23593b2ddcdd752a357
SHA256 46c7d588b9f3a1d2614d6b12b5bfe1b30fc22353d7209160e4efced7261b0fd9
SHA512 3dc2782681c0b22829cf4f1aeca7b3bb7e3891b8003ea01a435e734cfb6e7735d7c8640b0661d3529a69db5eb5ee9c485b6b9e1599ef7cf8ce348c57414c6566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 10f2b2a5e5bed9a28f46d6bd4dc028d6
SHA1 1fb07c9362d20a56b9f6667ea669979df0573158
SHA256 8f9fcf6257e4c683e4bcbb82ca48355606a6dca6452fa1c98912b29c659aa993
SHA512 2bb81c267c79c0528e0d689cffe13418cb884a6b3a3b7e8c88844aa3954de0cc988bd8c0247c190600e8282a42bbd79c39d883abbf9320993ee9137af13d5a74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf66.TMP

MD5 8d52a9f743f7e80b8ca4da411ade972e
SHA1 9f72837f4c9df4f17241b52af943ffa5dbc17190
SHA256 6b6222600d79482b5e67f77dc28c5f05bcd9c5dfe6c23648fa3774802a376968
SHA512 28edf1e42a6f93dbde3f7f26c56ffd24f7b319a1aa2ca7c9d5eaff66246f8a5ef5b4b8a675b840d390075503c244423d4cfa6dfa111e17ec26341284a84476aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d764.TMP

MD5 23e61cece0689668bb6cd22ae1a4d7a3
SHA1 a0444852c336acc681cc79518217a9918d2bc3a2
SHA256 8e84ac5f5d7aaba377f03ca6d5e8b14001aba441e514609db7728a52a99a8a8f
SHA512 bfe31ae9d06e87ca70303b83e50242884f2ac380cdc2c801ecdf0bc0e1f1bfbdcc2aac2ff65d9ede1be546708bc218e78cc92a12ac50b8303207e73408e0c350

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d5cbaecd54950bfecf4df91ae6663027
SHA1 5946890032d66f8d230f7e96fce316dc2ceb2a22
SHA256 cd6f78dcd08728f82cee6f745b7ca2b7df6e17ef4ad4ae7aa6b57ade2308ea25
SHA512 67781a056020de92e09f66b5640b9979c7e8aa13305e611f9be3bbb44efd594b356e3d1c0e1d9fb188373c1e597ee3d6aa5138973b7eb97efcee0ea70d75f783

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\928b19b7-0cc8-4e6a-b503-70666e9bee77\index-dir\the-real-index~RFe57d7a3.TMP

MD5 36d937ec8aac26a31a3a57eeec7d076d
SHA1 257807ed940f1ad3cc5e530db659f1cdf607da28
SHA256 dccb727b24a5da4d9e711f08dd90a430f937499fbd5c217e48bdcb8259c0107e
SHA512 a2b827ee5b409eff8dddd39a16137f4a42fe617e564be06c4f73b653004806cf588edf71802980147ea6e95b62f28919121369a43f2b1bc46057dcb35a241ef2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\928b19b7-0cc8-4e6a-b503-70666e9bee77\index-dir\the-real-index

MD5 ae20928a6ef17a379665fefdd4fe6a0b
SHA1 a36ba8ef3c3096aabd4ad48e23b0e97c0f386a45
SHA256 e3a1446489fa50baa3712fb8697039a083293ea84940355f746bf10bfd70da95
SHA512 52ced6b1cf8ebb23fd45fda14573164be74f07c52c8405e7ff076608ed14567847c2c45ab1aea81e1333db4af9bda397f450f513777b867f98472ca571ab457b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\108e6188-65c1-4035-bb58-44c929bd6257\index-dir\the-real-index

MD5 c09a31df7066cf4a66e27993db205c97
SHA1 7d0ff7d940d84ebe070c79f842756852fdbeec25
SHA256 909bf265c11d4e150a07bf96a2f0a4ea2c114711cd841a0fd0a8ceb8c18c5c5e
SHA512 e88a310bc3c61f24f55b8a37816df14d78a121579a197800b9dfa74dfb3d17eb963bce8d1dec5e5767875f341965c81f86e4210e033bd1f8e08d788df6dfaf81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\108e6188-65c1-4035-bb58-44c929bd6257\index-dir\the-real-index~RFe57d958.TMP

MD5 cbf902a53998beafa2c553c55935d09d
SHA1 0c7e34afbb878fffdc7c14638deeeeb1217c3721
SHA256 93960cdb3db33cb5f80d9a0c0448adef3621e3cba56516afc6023baa0b4f05c3
SHA512 a6af5cfeba293640b5341d530e977c31b59f53a4cba086a455eb00a5a3f160b5ba4de9549e448e37c6767e9ed9e67b8e94dcd4f6b06d8739801e5b9238547bff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt.tmp

MD5 fd273e530241f25d07a6702b3cd94400
SHA1 b852796fc93906223e3abca2873dc90e7fc351bf
SHA256 942e14202083bb3b262c94daa66b820f855d87b4a3b1841dc22106d77ce5f61d
SHA512 e0c196df07434a67e035aa35ca83ac1af83d1bc4205b7298a51149adfd807b07df2641dda63086fd5bd3a312ac5826fa8cba0746e1c8f852e35791f8b5f0db8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0495b083dcfb2e406a59051386c4083c
SHA1 d13c3c61d004ab28bd54523f51c970bf1a849dbc
SHA256 e56533b356ba576342156006467ae1df691a96a6c5fd180e47b43ae5b9535385
SHA512 d5c5250dd1302aed7e9001ae3280dccf065df2dbe4d3f3685176c6bfada04597fe6bceda479d6503e388fd79f8dfb51ad28e5d24c18ddd5a9831cda5f472b434

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8d247d464d45067d5edef1e9ff5f1dac
SHA1 912e7cb73f6905054c59988ee8dfffd684ea8ea4
SHA256 5f619fc0d07c2c72f79e9c395978d70b6eacb9c597872717a1ceaea991f095d7
SHA512 4273936d0bdb2f436b0741c0f6d0dbf78f120183ac0ab5164400fef0c3f5e38090ef5ebc3bedebc355ff742b3d0893ea1b074b89f6708c4f95fe5f0881a8910e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 defee844a3ebe395d5c74da420cae0e2
SHA1 da0714b523fb2c411366e079c8fe468ed838bb58
SHA256 2ffb5cbf82dcec13b0c9d17f826c1a60721898b5e0f9801c9a7a021eb25b4d3a
SHA512 08a63a97430cc7a62ca9a0e0eab6c24d2fcb3f17fa949cbf3a6093e3e91471b9172f2d1844f5b8995f148ea9131dd61f88ecc1aeb36b259a5812d175467d656a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

MD5 16315bcf3070d8ac56f4261da98c9447
SHA1 f03e102b8c0c9db837cb487d579589e9ead13b84
SHA256 b789d10251d072554ed3fa88a37193360d45bdab084b1e3db8fb615c2837cdf6
SHA512 8d20666a163cbfe52981ebd144c8820f4bee5e35ce52b6503d5c39192f47b4dd635469d02ce8fe993289e14f9e918266d9eb34e9cabd9f6ac8ea82b7371e99ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c6da42fac12c29dc9be56f5270817542
SHA1 047425be90e70d22968d6af89c85090285ba7366
SHA256 b04fc89c4793a234800a951fc9940fa988dfec2dd643c66925aed4ffb7db5327
SHA512 2675f59bd1b12fd603bf92e7f078276f08d7c1b361f70a6afbe7a08fb6518bdedd153a81cf61456b254f5e1ce4c50a0d30c78ce11d0badfc19a37331a68c9b06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 193bcb83f3893de3f532c4a1bab3a94c
SHA1 8ceadbf38e23ca2a7c886c36641846079e67ef2f
SHA256 3f236d83d361371935ed464541dce6c0400c5f1b8e6ae08773baab5c3125c1b0
SHA512 01ac734dd0d17705ade62ec563ffeb3baefcfb84305d4176c914b88cca9a0834c0eda25cabdc960bd8f83ad098263ca9affeee4cb7b0eaaf9a386e00203a4156

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 63e627b79c929cb1a9c300db7ddeff3a
SHA1 0e725ef9fcf05875295c40fefe8e27fbaebe37b4
SHA256 79fec3f12ae1d5c0ace7a1792236959c4f64294abb851ada1e1bbbf679f466e6
SHA512 604042197a3b4a3df790b518503a5c4044b4f9774eae8a7089d727bfe74e3ed0adcce899a894a64a8dcc4674a58dec50e27193062c736f976ec7c8b71399cfa1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

MD5 afe28b973a6704674eb1096f80da6a32
SHA1 ac4c2f108fd1ab4277f34f958c8d0a5da2210657
SHA256 c76aaccd80a5d15f106ef4d7e5346249381ae7d0354a254d2124945d4a25d427
SHA512 cc35a22096c044214e5b5ea08f85974e713856b60ea9e4a52d98bea9a6ff9a87eac4f44b83e7cdcc4d0429c295bf519f4e037df7853b7c0224185d8b29aa8a80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7058d7f830729e3ee7d3ffc971d5b711
SHA1 7ca7127306f45f5e96450126ec9f0de1db08b3d1
SHA256 f71080ffc587539f93a8d9d29b3af81e992b3012933475dc2cf83859056781a3
SHA512 20126e69f63292ada1c694e411b1db5367342c2f0783c9d3d00a72e033af8b54af0ddd7290b37fe3006f2085c9a75928503d606eb0829137c9b89250937a990a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5635a7bf09514635570c933ee95340e4
SHA1 b5fd21a6deaf9fed9cf6a664e6bf16a1e88ce5eb
SHA256 eceac4504cfa77958786846c12cf079ce5be6508fb29c65afd3f771d49deff20
SHA512 01f965c4bc349befb0195a31c647f8f17cfad2b6ae0c5d7098cd4a20c976f2075bac6e5dc2ac0a023c7904eb7c575219da05c83ec75578eeba52cbfd25c4d4d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 78319701b1e612a3aeb637c1513615e1
SHA1 3736b97b1b47be5d2b46f0b65b9aada8e17876da
SHA256 acc0802628cb19747e1a3f6de5e0a372f98e15cb7a0f1dc00c586c628fd86a73
SHA512 cdc74a830c314234f9d59cf404a6fa785f549e087fae219c113a7718f62c271dfcad8c58e7241406d2e7bdcc68602e96b62fb7ae1010f931c10c6f83c22d84cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 68d1976bc54d64d66682ef4617544cdb
SHA1 ec55a1bc4b01d414d7e6d8ffd5132ccafc8dc854
SHA256 8cda109b9fb8fc8107688bcf64e7ed9cb4800e1208f7d56918905c557dc8ed80
SHA512 2553d0d065041a6348d17204a9d7740cd23835ad2ec2f80ffe7303831bb0c93741625844562b3df690b2a24dc232f9347638427c139c430fc2104011eec8d5cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 13c1c16499b00e7a75010dee7936419b
SHA1 4b23de7caf7fdcd872b3b974135a8f7a0b159622
SHA256 a0f8ef4fe92e189588a6e116a4722a32f1155e229d616140e0f681eb24b81583
SHA512 a81cafdd511890e6feceb951e6dbaa8a79c2916e87e966c51a8f3a1c76f859f0c7a22270869d6de587d9ffbcd53488f7466e6a5f8fd9e5c6775b8a08235a4c02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 43774c883ff7321f62dbf34787ab6dae
SHA1 360a55b74d034507a9c9706e80d86dccaf0d112a
SHA256 874c2f6659de3f576e3177d1f97d54a77bd1a2f25ebd25b82653359d1fed90b2
SHA512 c199926f1ae945a1eff9f6208e6f79289da939d61a66aea79003765a477478f7e40536c0103e43fc27ce263d6e70ed64525ff8ef79f57958c99f6c31ce7931c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

MD5 69df804d05f8b29a88278b7d582dd279
SHA1 d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256 b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA512 0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a021bf132a6b1c79f4cc2a64a377588
SHA1 3eb0467debf9618ac31bdbde5bf33d39071a0827
SHA256 3cb3b77bad45aa7d17d2f3ad7d11cb412f796336eb5bd84164de0aa861119b95
SHA512 f7a0088b0f4613f38d70d9dc3b4cdb4929595ba6d84314f012fa6b6547c7fd17e430ab8c91177dfdaf6b5b1c1a92b8f86d82f1d672d8f5a73496ce19a236f8b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab2699182b0f1d29a415ff4794f4c6ab
SHA1 534ef2d4b0f0b3dcd4127edf71dc46e40c80a82b
SHA256 e7cdc9f496ce8559b5bc4b7120b5e678390fe69ce70101426c8a3892639272cb
SHA512 89e354a2a6f9e83c14520027ef1ceb76712777929650039492f87efb7f5bf5185a9f0a2a9074719fda75b0e27b286201a8bd4b162ec7279a7abc88a1c9a9bd84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0c177735c2adc44ba474ae2d237d4656
SHA1 f5b8442a79ea7ac5586f093d9cf7f21c997a7709
SHA256 ffd2c96e5b67bb328edd848ab88f70d461f39c44c5e2795c9f1b4073afa81fca
SHA512 29e1c97e3603013a1ae1afee5f93588a23cabe7d93406e0564bf33c8b51c3da83649ace7c9999b53f5168d053ffc4e40eced27057f7dbf81af8f7e622c530c0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\108e6188-65c1-4035-bb58-44c929bd6257\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 7f56fb09e6c278368c52d77b6c7b40df
SHA1 e7cf16d5f6b5afaead821768f5252fab01e39d20
SHA256 4c0aef6497262e9f3ba31fb3511c1be438223a8022d09c42d0cb8fe19e5fc281
SHA512 d17807b9ba1761251c5c31303f39b2ee3024483f3872225388fc34f5eed9e6860f02570fcc50302fd1680391c6dc2e81763da630c11a311c75f7fa6023e4a783

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 cfd886e1ca849a7f8e2600763f236d78
SHA1 c1fc2b10d20c529c01b465a1edc0ed2fe04f0bd5
SHA256 c0b1c3c6995c24eabd1a6fcc4f00523e022b546cf1fa4fce6c30d04763244d1b
SHA512 254e37e3650b2c87b524c96f517586b690094abf7c8e0539b050ecdc4c56c2593bedab7b1a830b827ddc19f1c3e05ff4096ebdf4cc969b5bc5fd33cb34e94fd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b6d3dc168941b96777c76712053e4a66
SHA1 17f76d57df5dc6a23814fd3b849d372fae7eb74f
SHA256 b3cf98957db15376924226d2a173a3473f72928e4a0fd9348146bf059c6728a7
SHA512 19988ff18a294b94ef525b7eb87155e9522badc8982bb23f39225b10f93105cd0fef765275c94ccd3b8d458e1ad75c6ff1bc895e07b9b4b5b6f0057639ae209f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0e6ecaaecc55903b7aa868f31b7b91ba
SHA1 21ee823deec41722e43c3cac6ed83340ca529807
SHA256 152db6f17e0dad2292712194456a4e34fbb63f4273834cf910dc5d6b37125a84
SHA512 b307ccd74cd674825480d776f77a4b912dbee0c7bd3827fb16f56cd536368ac5c4919dc6daa6ea21e6c5a1102768afc6a02c407f4e942a1d38e61151cfbe8d01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\928b19b7-0cc8-4e6a-b503-70666e9bee77\index-dir\the-real-index

MD5 172c00cabaa20f627b94dec031c5e813
SHA1 9cdf36523c34e7ff91508f25da0bcbb6512fe8ea
SHA256 e592538b6cf361b2d1d9a0e7e421c4aa40ea40a1c7143f6b958001b226c2b638
SHA512 b19804edecdcc4529a749bb6af23c2a4c435c3dc3bfad3a8b4bf928600e447e81754857698cb0d8ab5cbc489281d0b67f77f1f5d6bb16409eb0194d3513be2b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 881cdd3e17655bcf483a022372b85904
SHA1 1042f66cff3f1f22603cf1b47094277a7118d02f
SHA256 9b9c0bb95a59d3856a931934908353b14d747f48d6ce99108626350239bd595a
SHA512 1e160d35b4f2e36d6874dd8eb201c44ec1ef93e7d3ffab0ab552b12016531118a2753fb2e604cc057711574e2a8f259460c95054a114f4b0941379979e11ddb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6679c959da38131a74f08ea30156bca4
SHA1 7efc71b71f2e5c7ecb56070a6c632b7dd8e1876e
SHA256 c7c017bd994934f009185f0c51025012ad60a41ec215f5cd009cdc8e8949342a
SHA512 094a7904419b42e1f2e9f4b822bdff0da428e96d2a067ecdd3b216745bea0a27abbad02ece5a1e899fe4ff7f629e9782a5577261060b52cfbcc106f7b2ba2ce5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5132e3e003872be874958a21c6046ff5
SHA1 4410e97b723693be50005eade21465595d6c686e
SHA256 3a8fc3c7c2e21bdaf2c97310013aaf17afda5c428c554c061da5016783701a2e
SHA512 3fce4cd2c191f53a2cb7082dd45fc586079aec52e8a65193b83220e56abd7a14db5c62b5b1adf129c68fbf0cf65efaf5715fda1196ce77eac4dbf37438b8658e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8eecb51e80eb7f459335441b6e8caa3d
SHA1 cdcba2b378a6f0bf28a87e246fdffa0c43f96274
SHA256 dad8bf490944344b1f4c29b0359d71e59e974f891bdac8fac824a7c7c0fe8df3
SHA512 eed92cb4b22e61a38cc99a70b60eaddfe5defb941719d6c906dd229c5ad6febd7162b338c213f4794d32af22b3d85a0a2a1b3f03b766696281f7582df801a6dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c72de4ffe8f9b0712161c53a63fca3e1
SHA1 de3608d7fc87eecc9a9faa345fa5073c8afc9b6d
SHA256 7d544acd089e0932d0efba90f6d2fb0131c3bf75e80138b6e0f1650cc7cea9ba
SHA512 2fd4a93b3b67e8a7707f0b95a106a11c8663ccb3faa2ded0f9b84e484a82481cbb844704ed492203abbe68500ec5211f6f6ab8e0976571914214d007f7bb9275

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3f02c9c117b7a1c14c96e974d1b2fec0
SHA1 12c347b07163462aaeba38251af460dcfa8bbeb6
SHA256 0aa3c25f8524a0737aa2a720d39cc4957689ce845292d0dfdcfbebce4067bd2a
SHA512 f44af46ac1f7e78ccc2aa17173eeef0bff6b08addcdb98ab3b485048596961e683c669d8199f9a3de424d2ced23d593199eea12a76bda63468e4ff38cb8ede92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c91a1d08e11a2275760563050313d0a3
SHA1 717cbf5949f6119ec7944b8f8ff67e58a78a8410
SHA256 19f584fe62169b09ee2fbea501e14b6bae86e26fee7258c5851153a2ad0762af
SHA512 c41105f73686e645d974d2c4055c0cf73c06cbcbc5ff360a152a667b9c8cd42d1f384e91b492c9e45f1129863db1e812f1b11b4e7935f1d04628bebc3c7c139d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 250a26575d73a0a3e6067ae8f1ab55a1
SHA1 9fe726720980c4bdad56d7d2485d9bcccd02e009
SHA256 7dd77ccf223ee8229f49030b8079aaa2b4a5cf524a8dd29fbbdec6190e82f9b3
SHA512 5e536caa3f05617a9947f7dc08c45fbbc3e92af00690af9b1fbf6691fa8aed52516ed4905da16231481737941edbb1f31587a08a1f435448bfaeea3760d53d3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 46d5c6cad1c7bb31af5ec85f03ee1891
SHA1 a5d6345155f6dd45897d53b6df8587e5dbcd38fa
SHA256 2b2d71746472aeaebe769c8b7ebb46487ff2359206df05bd54a9f8545aecdc0e
SHA512 ebd79e0ecc4c20312b6aa473cf0731d0db3a4f6e6b2f89537c6182baf0a086c2056387cdcd4eb895302013c787fa4042248b01ac99e4144209483d87bb31350e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 3fab7a2817d004f580a006285acf3329
SHA1 9f51c2fd1c77dc88cdfdcf9dc8c6af3023777664
SHA256 a9c0e7746f2daf5ed288eb9201e3d6805c7b66f074a2e01f6a0b36f2dd81c245
SHA512 14bec240fae3224d92ec4bfa409ce1ee6efe2c1abeaf4eccf3e7107fd4d61804915a878d1a47ac8f4a432475c75735163268c0c691833e4779fb8f915d06d2e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 294dd9a5b378fd5162aea469188941a7
SHA1 49765f32d546ec7b12ffdd3aac1aeb795705d300
SHA256 1d4d78bdbc927f3e5e9bd2bf0679f3d0e3fc910eb54e27d0c0796eb359cb51ad
SHA512 4ad97902addca3c3603ba5ffa3d18312579b243fa95da320e3e5e711b77766db09a253fd0dad21631307eece20fec7b7d05c0970654e982e10a2b02616ca5926

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 23d90715380a6804c52713179d3da026
SHA1 715a1273d5ecd05b19673cc7fc5d8b8eb9fc7135
SHA256 3e167214df0bee0db102855a5186d62919331221d4288d3b0c2a7e8d675970ad
SHA512 da429e7432043bb05962a54195420fe88cc10c044771e48aaef7721d9fa10dca86b96d87c997caa8b76ccf03dd4976af3ca082d8709c0363e82311509a22fd46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8028545b712f2d4ddd885ef7cc66df2d
SHA1 d394c87b16f5338e666886649af6026d0ddb145b
SHA256 f3b196fc09758bc1a7992556f998ae200fd54a471d733a73ef0a05768501b7de
SHA512 ba96f5c2e8259eb7f64f79b8f24c63bcbded6d287abd28078273a7e916b9cec35932c0e4fe0bd50f01a5976d58860c61b78e8013ed79fa01d084ab314328e3b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

MD5 59bb8761e6faf5d6cbe08cb00c49a564
SHA1 c0124837b95ca5ea9ec8902145cc9a1e51a98b2b
SHA256 74a8e035d0c38185a83a0caeabc675f3a0327905f669a5a5f4dc1df5b646b981
SHA512 c6a4ca26d576d0dec0da8cb5f761b144aeb6d7f1a8de5fa2e34233fd4ec4488eeb97d501db9f3a278ab6098ddcbfeaaf2a2d1981bc8b9aa212430cc7dc846b79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\b6c28cea6ed9dfc1_0

MD5 f33a5d9490be6a5105185001b0a23684
SHA1 27565d35102ce668703d31a2a5c3227aa327f452
SHA256 4217ea11754ec17d6f36b63e6abad57456b98bca724e16969883767f3fc38598
SHA512 bab581e5677e0f346bc787c83586a3c64d8dc00555627530e08eb30f97e9b916fffe3dc8531d98bdccc754184ca0f9adabc35fda5c7bc0ce72a0e01d4d16ee6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0

MD5 9494098604798e6a50babb722cd0820d
SHA1 be339ebb9861fe19cba497ec80a75d99ca9c926c
SHA256 3cff0eb4d5b63cb9dcac6782826e9863d1bcc59a4c67a568a289e42e073a6d25
SHA512 7cd9f555cce5f675789e5e5e2806bd116d821fd2af475b1d67760392ebae08574f8eed34a204f4406fe1c5c0007c2dd9bf8f5ccf454343e00be43ffe06a1e17a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

MD5 08ce7a09b61a1efea8446817c6c7fa81
SHA1 0ce5140124dff4fb918383442f9f035370e99981
SHA256 4224cb17905d3b73210a7f17b20914732774679100b4fca8fc4f505f7a997b5c
SHA512 0b5617942759930f738e7c9fa1307f878b88b53007b9b462344d558451a26fdf1ca1b183dae1715395dc64bba140df87077dd5e2215305491b3046f6662e7e81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_0

MD5 f0fef2fdc8f4bc38397cedd5fb65fe50
SHA1 315ced0412d49aa2adda2e82d8b36b734a8bfb2d
SHA256 ed083e88d937c2435fb50c00e3ae0e8c72edfaa882ef575328362ffe0641a952
SHA512 3322ba8ce7bc1b9219b9f6e8ba131010898a8f8b4971f680f2934c38d0cf051d87379ed7ab04d895a0132e16b0d9c1a478bed08cbd06fdd1e00b16710e2d0d3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

MD5 749ee4f00f11036c3faee5a03a672edd
SHA1 7a47969fb41d50c67739687f86013d3c31730eb1
SHA256 e2b1bca3918592ba03f317dad5142791e128c25bd506fb2f65cca31788ff1c33
SHA512 e64944fec8fa2e5d75354714e7275c856c03f9510ad09918e0a1cb2224383301a3b0feb258508d5254ee114607f2bab422f130b9dff0571c9830d51fc6f0efca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

MD5 6c9c7aa4dad7bfc9c104f608a5125674
SHA1 1ac9825027c7f1df17bdb949347ca98d8b2ea6c2
SHA256 83d5812828583eee6cf712948ec8cfd8acad5df7e7639a503922c982f56c8e4e
SHA512 9a7498a33786354d15d41b75427e2ef30c6b3025f15597d59e4736965be0cb7ec15f5004441a26027652f356e8cfd163fdb2cfea0896fedf4509539268009e9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 ed5f15252b83791db3593694da12629e
SHA1 b5255adc621b36ccb5bf73ba4344d90e4a49bc97
SHA256 850aae720445692c7d95478c7950200d67bc6f654b1e83b1283393f4ccfdcf16
SHA512 cf45a9582a13dcd45353eb086993f4cab77da6a0a95f6fdfbc306d14615131e36e33ff3f03c80a4ea9e719a59d06db2a8a620f351130c056abe26dd661030f5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 59d988d3f18687e1da2d2214c214afb8
SHA1 f20d36f6d5a2d9c835fb4527b2600391504f1f42
SHA256 e19b4db92f0152bfb06292c3480ea8d2e95ae7c03456561d4382695098fc5384
SHA512 c9e243a0aa13aaa20e3830a4a20f56d25ac452aff88b35e1191aaf1cd7f7719ed6e7cc3026f1df8129d5d4a9adfdb3d68eb4ab45c616dd7d5686ed39e9eec165

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f4338d554cac730ad8ba2bf5597979f3
SHA1 e89c204f97962a3133b4594317ba5961d843a97c
SHA256 e1e6a4af9f43b8301d83abef65b98f27c459a4f523fa56bc599f7af572810429
SHA512 92ba4738a1d2bb2e7e547f85ddeee90299fe743b3ef4c75153679dcb3530dd4cd2c878dcd868b964224bce6dd64b977ca2952315b579e09ec5a8b448924cf657

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22fe44e90df9e24b4259fbbea529b22b
SHA1 6dcd0288bfff05eaa90e267f3c18bf885ae1fb65
SHA256 ec6fd3339e9296c10962c58aa146f32573cc103e43068a7c85efd25f78accc77
SHA512 e1b09ff8ba27202ec0e14246732bc82d3eea9da49c9c16df0ff656d88d8021660fe44a816fac294187feb9de73826d408853f7f1540c01b68245adafc92ca01c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b9ae25f2818a9a2460665d74cf7a8f89
SHA1 de0fcaa39fffaa83ef0ad93e952d8cb7c6a1f731
SHA256 7c177ff49138ac3a02866710b171fd89219bf8d2d23118093441a3d75f6d6a24
SHA512 f65855d04f1afcabde4519345a2a99db4709c77bf9fd5a29de96290b40eafc7cf7b7472c824ed8366a25b893e907ea14824c713a98af1b137f9b2a63f718dc0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6f037ee0e4f9c8938be34404121a697f
SHA1 54141f2b00b4bab2e7213dcb741e69fe81573f3d
SHA256 dff2295fc143dc535392f40a4daf70ea832d90f2e92d997aaeb6ca13b40a502b
SHA512 c20ab1e7e6b1d8876490b08dc896194c0a1d6ee17279af85450bb5e67b179c344e54dadc067597fc433563c0d2b2255bffeb0e96412ad1c65a836b70f6933f97

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

MD5 748557a179cbdeb99cb20f1285d63740
SHA1 d62dc69d9f19a81f9b7c98ef0feee7b5459ee1c8
SHA256 7d3d911783e437aee63b839e8d759cf71c546b8700e9e4283ec35c99074f3caf
SHA512 3787ead5c8ef91e2f70fb3d0f6bbbe1f11fb3d1389a30825cda0958d19b82bc687793916d492b3ce42073b3e0441c2b234d59139426eeaeb96481b14caccd60c

memory/4620-2297-0x0000000000820000-0x0000000000996000-memory.dmp

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

MD5 bf25ff1602b5069c42687b04e344fc09
SHA1 db30ab60c785c1873e6ae8a3defa1a1c547e32f8
SHA256 eda43195cbcfccb0da5628639ba84bfe3529cf9b955366d827f477fe9c5f6edf
SHA512 69f58f88a0ae2e78e7c2f177817545e4d9fe399396f95575ea25a0d9c459fe1c70dc97b3d34cc7b2c3dceb837bea2b6d399d433118feeb17d031a18ea323dd35

C:\Users\Admin\AppData\Local\Temp\SquirrelSetup.log

MD5 b226fc53ef7c9647dc4afbce9c03dd61
SHA1 d07960ff351e5112c5ed83d6f496cf7f7f64b308
SHA256 9d21a1ecc5c75108e77e1da43a323fd496bd88a1a3926f140a8d039216754db7
SHA512 56caf080c7286bbd0f964caaeb64838edccedca7a1a80ef3a11c053f4408046beac12f7e1f2077fd93a90d027a18e9051a6557d30c0a2f23c2de20f0c154de7a

C:\Users\Admin\AppData\Local\Temp\SquirrelSetup.log

MD5 4f1f1cce9563d9661ce6e34f55ab5400
SHA1 bea39aa68d9ed6e66689b63b70270a8e2f8a9602
SHA256 f8941ee1123d05ac870766dedfebc7a8275d95044db8879fb5dfa18aaf8d95e1
SHA512 c815c4be4076605b9a72c90d9d0f5b7baa9fd069e9ad6fd45c57806575f6b475fe5c2867e614edb39da18d1782351fad62383eabb42331f855a62c544e2a90fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\928b19b7-0cc8-4e6a-b503-70666e9bee77\index-dir\the-real-index

MD5 814ed6c02bf891ba84de74ffa931e966
SHA1 30b67b8d064e91978071a14634ba14fa16884b32
SHA256 e9c86af737cf563af473c9cf634812ab789084bc7dda6983346edfa14ccadc2a
SHA512 77a620228eadffd40097983676fb537edfe20141620fd7800873e3933b5a681dfa480a224a3eaf157ad01c6e30a660e98aea2ae3c3f1413147dc01ce47ae9b47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\928b19b7-0cc8-4e6a-b503-70666e9bee77\index-dir\the-real-index~RFe5b8b25.TMP

MD5 aff5b470ff621df58a4e62f392c44148
SHA1 efde82d283996bbef8a74600b15e721abb08f921
SHA256 ab99a5db0ed7a47fe5b410503ef5b1a03aab67c26ff505c851eae672b67f2ec3
SHA512 1d1a3d1b49ee178d3425c5598f35e91fb7b805512762ddf6c9143c1db2603036a3b78c7c1a9299827341e0b9b13478bec2977802c6b5650cc46a16049ff034bb

C:\Users\Admin\AppData\Local\SquirrelTemp\SquirrelSetup.log

MD5 71f0276a164c46750754c368e3332169
SHA1 01522f21d34dc645908ea6913875e4ddae31ad07
SHA256 66e12637d75f0adf967b1e9629fe234f3fb1252d3f363269edd6f01182f4f359
SHA512 0e9629a7eb24e14e1bb6a6729a5c296f90a01b920c56642967515fa20bd020ef0bfa683110c5aac8ee21d79c5bc6dffb90ab8c8eac696a3ba841f57548aba904

memory/2960-2355-0x00000000069F0000-0x00000000069F8000-memory.dmp

memory/4952-2356-0x0000000007A90000-0x0000000007AC8000-memory.dmp

memory/4952-2357-0x0000000007A70000-0x0000000007A7E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.log

MD5 e3152798ee190e4fc7411c64955c7eed
SHA1 5e6ceb9361df35a5a0fac32b604d3fdd9f65c650
SHA256 bd13a78aa4b2084742da4adf1f239308081ec9f6e47c8ffb070c4a2c0d39a569
SHA512 bdee879b69e620c7927caee863cb7f93fdfad14236b667aef59e1f1c01550fe6d09940ef36961014e8426b8accd91b8ab0c1ff72e492cc745525a652a8833758

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\ffmpeg.dll

MD5 2eecfeea275cade84c09e274b94ec28f
SHA1 4f911d72246261b704f326fccdbae5fabf7f9988
SHA256 d9eb546b72aa016eb6a5972dbfb5fd6c712f49254128e3ba578b40f19e7ccd56
SHA512 17584e96309788a719be323a6af7447baf5f57577c2049b44b0f09bf570580cc9b7d1d8f5288a3947ae312a26047eeee502df10dc988e1b5884b3e00bf640aa6

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\v8_context_snapshot.bin

MD5 c3048304913b58e1f8e0df23f15bc864
SHA1 241013fabc2e905dbcd8f02af4d008676db421b6
SHA256 8ac45d2ee2705bab53e3ff9564936455301ff722c3b0af0680fabb83d3c27bae
SHA512 a9a1e2b3af0fee8eafede606594b4f934ee4f0c34ed288b6366897cd42042a1ce3fa9d55029f9a87e6e692ae7f7d5e83d007bcb8e6bd685d84ef0df0fdffa9e1

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\icudtl.dat

MD5 ffd67c1e24cb35dc109a24024b1ba7ec
SHA1 99f545bc396878c7a53e98a79017d9531af7c1f5
SHA256 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
SHA512 e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\resources\app.asar

MD5 71b339d636428cf9319a270728bdfb0b
SHA1 d84de7827e24d0dfb67e77a80a68772059314f17
SHA256 56561c512212ca1215a7f97f1afd03c30068ecf1dab2b030a86d71c98ef06a5f
SHA512 cfb3868bdf798bf186b0fa3241b4f5572ccf14e7d19ee47d0b8fbb5f6490474c3f7fed2da50a97d341d6cd69fab03ca5fe26bf9312dc4aef37f016401c5c7ba9

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\resources\build_info.json

MD5 3cac8e203b550c80dfb9712ebc64da2b
SHA1 b4a2f0c199e7046d65b80baa219db40d015a72f6
SHA256 34f212f0098531a87acd919f00561e7954a9e71edf19dde1ff0f9d4c8d160c6e
SHA512 9c1cd6994cceca0f7aaa473e202f967b16a415a4b1f5d7902e7c0d2e99bcd2b64394d22ee6929f9b3497b2c8cadc2665ec907a9f7c97c362409d11fbce7c3384

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\app.ico

MD5 084f9bc0136f779f82bea88b5c38a358
SHA1 64f210b7888e5474c3aabcb602d895d58929b451
SHA256 dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43
SHA512 65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\chrome_200_percent.pak

MD5 3969308aae1dc1c2105bbd25901bcd01
SHA1 a32f3c8341944da75e3eed5ef30602a98ec75b48
SHA256 20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6
SHA512 f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f

C:\Users\Admin\AppData\Local\Discord\app-1.0.9177\chrome_100_percent.pak

MD5 3c72d78266a90ed10dc0b0da7fdc6790
SHA1 6690eb15b179c8790e13956527ebbf3d274eef9b
SHA256 14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7
SHA512 b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/3404-2582-0x00000000058A0000-0x00000000058C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 05aed237bea51fec72be5bad79ca0afc
SHA1 8776b8d28ced1dc632b8200720689ca7be076b4d
SHA256 3e037793d00f4069e8d66a04a31003c4f4b7bbadd73ec99790338c10ce85bbbe
SHA512 776c4b6a5a01d124161b7c243da2f306aa8195a09c39054f73e702a4b43a7f73112512e0312e902d67f6027fc47b315404a20960988e4ea036ee35677651e63d

memory/4152-2657-0x00007FF7AE2A0000-0x00007FF7AF2A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 957b120155fd88c8269833c15d7ef513
SHA1 408b501da7c46bdfed6d786157042219b9f72936
SHA256 ade218cddbbf14fa3f7032a79b25d8c53bdc3989efe76b9b45b422bc2054827c
SHA512 3e794f392c8d65b1fa9d606e4ef5c73ea50c041710ec2b5dc3510a33a620672a918d1124078156071c7343184d5e9621e0915b1dbfd932d6490b4e11dbb3b344

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dd745457e1faef4fa58565ec37f20982
SHA1 5a2d3c285f2f8808c2f63d7c8c133e01cb625252
SHA256 18bb601992dde04b8ecb6e1645b70b01c212dc8b98299f18474a18710908fbce
SHA512 26d34006bb54379d5b46c10558dcb92a8e480a330d75be1a9df35b12f720f358c1ddbf562906c65c8a8d146dcb6dcd818e995e6d2e7a1de8595279e8d6eac696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

MD5 0d89f546ebdd5c3eaa275ff1f898174a
SHA1 339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA512 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

MD5 5dea626a3a08cc0f2676427e427eb467
SHA1 ad21ac31d0bbdee76eb909484277421630ea2dbd
SHA256 b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6
SHA512 118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 63101108575b9c4cd45e0d594a8b576d
SHA1 10d3576f3cabb4a2d26f11d3225b5a705c659cd2
SHA256 9497988cc9682bee458dfdfaefa762206cac19e3895fdeeb64b0d67fd8171061
SHA512 897269e8b656ddea09ed66f4cbd3b9879ceabc9d4738498395525083192f381367621208ecc4770eaa74ae3d246dd113fcd7301f6930425fc0c9d615f911aab2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2f9a2fc02c20de3_0

MD5 253096bfff921780fcaefc0a7995e551
SHA1 8491e3739d863efd9731cfeaf3dae3d528faa239
SHA256 d72b3b47ef0be4cd3b58a48c2d3c20afaa902ee7f463c61ef1bed471e169bb32
SHA512 b45c002d273478746cc8467c2635ad987c14eecbc5ebcb21dcae0b77568b1727c1965e1a18ec79b472d63aae891d980e5c45c79ec1c85cd7c6dd6af2a8281205

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

MD5 181d4b3672f082ba288a7a86eed5a0f9
SHA1 83ada756d8c8bb0c7ddea66e6adaa03dded994d4
SHA256 002722f507da7c8cc11ee01308e867173ebe8fd418887a55a1d1feaa603c6bcc
SHA512 a2851ceff80a9c7729f77168a4a00da59a05cad964fbf82ec8ae41230a9c605b827f543bc5898b0780efa5a2bc73f7dc51dc80586ed4312ad00b04b69b8b1fdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000160

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015f

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cbaadbd0f5f97ce194d58670b86a7c58
SHA1 307c2e9cbb016fb461cc3afc79baf454fda04fe3
SHA256 08ec93e3d5e0c7313f2a5305e271f216109efa5fd86053374c138abaa9c42a4f
SHA512 8c16e208a4cdf4f1c39be7c2bf82a735186a3af9b0ed392fa31c16df73f56b03e03e6a6952e870b3a871c2a8b907cc9ee6411a7b904e27acb6e5db220f3fee59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f06f27561d3e93b53ae0a3a5113db4f6
SHA1 775c775d8144c7e815966bdb0918c6ed0aa36744
SHA256 61f7d648b411a5afb4c6d78f868d3255907dd9c3a7abe53b0e82ce3535b405ed
SHA512 4268c3c50c5bd3742ca208b91365f5e6cdb7814c8166a801c5327799a5b9fb753207d78c4031d9f480d7a4bcc3ce136caca175a185906cacbf4f751be5b17653

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001ec

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Temp\nsuEC9C.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Temp\nsuEC9C.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nsuEC9C.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Users\Admin\AppData\Local\Temp\nsuEC9C.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fca403dbfb8812061be4c8b357623005
SHA1 cd518006cb1f2c196fb85ced4d8c46f323564963
SHA256 9222a73621891acbcfdee14dc37c4db1578edc1ce0844849793db08db9d15108
SHA512 2ccd4e71e73428a9fd176bc48c6fe7c3af3896ba75577e9fddec1ca58f646585c979d33ce03888e5e25b0e4ded3c566de0878699b44651a50e68d5e8492f97cf

C:\Users\Admin\AppData\Local\Temp\nsuEC9C.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nsuEC9C.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

memory/920-15366-0x0000000000130000-0x00000000005E2000-memory.dmp

memory/15160-15409-0x00007FFD724A0000-0x00007FFD724A1000-memory.dmp

memory/15160-15408-0x00007FFD73510000-0x00007FFD73511000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Program Files (x86)\Steam\config\config.vdf

MD5 6e6a2b18264504cc084caa3ad0bfc6ae
SHA1 b177d719bd3c1bc547d5c97937a584b8b7d57196
SHA256 f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53
SHA512 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

C:\Program Files (x86)\Steam\config\config.vdf~RFe5dc585.TMP

MD5 3cdebc58a05cdd75f14e64fb0d971370
SHA1 edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe
SHA256 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7
SHA512 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

C:\Program Files (x86)\Steam\config\config.vdf

MD5 a2ec2e91c3ef8c42e22c4887d032b333
SHA1 e2c738a2e9400535b74e2263c7e7d1ecefe575f2
SHA256 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3
SHA512 b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

C:\Program Files (x86)\Steam\config\config.vdf

MD5 9dfb2957a6d3972d5dca9b0c3af069f2
SHA1 6705ae5f3433e70dd5ea082de05028abda2d8236
SHA256 0467c4ceab72a0a9da68d17e5600b21920ad15eadf9e2109fe6299a12f4dcee7
SHA512 de6e4f5a705efa06ad649c9eebc195d62c27bd7c7eabd72ec1d21b5b892f43ac0f76cc869b639f402dee93000b0a064641071bd3a8d4c64ead380b99108eedf2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

MD5 b201e8da90ef456598b8b3bb0e31bf53
SHA1 8bb524c8e9b17920c83d9a06c0b305e41cfca560
SHA256 2c8b630d1edafb8cc8c8cd73fff10c8ab6d06232929a4d458ec34628920f1665
SHA512 50126ac5b7800f5a848ef49ebc8e71d78cb5ee9c1602486b30e697ce57af32c868e46795ac2c157cdfd7fe65c03133c7a752813d520a9106adc3e50620b473f3

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

MD5 46f57737d50e34053f1f7633d74d600a
SHA1 ebb8c24e34d2f6f7e25de8ff516cb46ee8dafa36
SHA256 b49341286ebd650e4486d60e7bed27076f7d583f825f7440faa15d16ba3714b2
SHA512 c72f440d2a1a3fd6be82cc8c2b10a15f045f0c3485d734ede9fcbe436ba1a9f291830830005d386458092a1a6df1431b58cc6ac95fe2ea745e74ba70b050f2cc

memory/14440-15624-0x000002C72F6B0000-0x000002C72F759000-memory.dmp

memory/14652-15625-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14652-15627-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14652-15636-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14652-15635-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14652-15634-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14652-15633-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14652-15632-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14652-15631-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14652-15630-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14652-15626-0x000002C626330000-0x000002C626331000-memory.dmp

memory/14412-15615-0x0000000067790000-0x0000000068AD1000-memory.dmp

memory/15160-15644-0x0000021CE4740000-0x0000021CE47ED000-memory.dmp

memory/15240-15645-0x000002B6DF900000-0x000002B6DF9AD000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c3f3cf3b114747b_0

MD5 b6bbfb572c5d5cf91a0d32fde37bd56b
SHA1 82b765715347c55c6ec61fa475e418ae6915fc11
SHA256 8cc0232464fd32adeedce8f275fa10c06764e15875ffedaedc7d5738cd84e875
SHA512 5d554ecb125b0ac3f235c0e3b3f669f14656d68c5d8d7b945450dd8c211a28ea7c2c9c42744e5e2d12b9eac10a50f00b2461abee52588bcf88225729b1faf883

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8da2d64f7c04235a_0

MD5 336a252266813eb0c2b3ec4f693f7816
SHA1 895f19866bfaaa02cb180f0e5cccc8aa85b63ec1
SHA256 f60117ac64daa6640d4f1dfc9823fa066d4fdd54620250343a1b68fc5da5ef3f
SHA512 386ae6ad966c1dc88001c4c8b767c20c727a9a9d32a6bdbe463b22b377e237428dc005041df2578054c50ee85394a8c9cdee900f86caf71ecc60b3a1f780b585

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bda03fc6154eedd6_0

MD5 daaba73749ae628dfcd0095731d65e95
SHA1 034a30c8ebce425b0e6886114b5c8b168e494156
SHA256 8a69964d8fd0c5bd30f210620cebd877ee5e45d352bc8e318a5a46d9c3351aad
SHA512 9cb2f5f1a0bb06d6a0d80b24344bebb38fc97013d35a7b236c384778164525ca054eb111870245bb79f6e7eefa2b922b66ee7a18a93eea865508f8f2696298ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

MD5 191d56586d7151342328b6d4fc730ab9
SHA1 db5f711b94f063610c294da35206c19847aaa2ed
SHA256 68afa602eadb76a6ac1c0e52986a6e9a6f526520e574b5b5bee4325ae59bccb1
SHA512 d38dbb6b048ff3a53e6b0c0fd8efac0d7613cae5aa11aa6f4f3685ba16b98c23e25cbd151ada6bbe68ae16d871d29ccb722aaaae27994c51a9d3353d43c6b907

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

MD5 e990dd9ee0657c4a15ea8718077fdb61
SHA1 d40916e12a3a397c4acadbda911d9c0b613201b2
SHA256 7f3fa64ef52f7609a7762509460950899a9f6da5339ed5ff30846f8212eaac71
SHA512 e4a27b13424c58868c3deaaa21d7cdd2156045298257f6da97fb93108ef3c9e6f688b45f6b701c5cb6cfe11e29b619bc5279181ce0f5c0cfc68d3b8fe156faa4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

MD5 8d2920351380d9d9e85623e3e547137e
SHA1 aaf6a82f526a54f175da7243a50efa6495f37e16
SHA256 01aecc9da4f40d5c34901e240323d9f712a3d9427f239e7f87302ce56f9e680e
SHA512 edf1288bf80babe76b3c4710b5e94bb3130d3edb4aff516c85df5ecfea3c7edcd7b2955b9e919647d18f7b4734bbae135541d730db192ce7838bd0cd8c1190e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

MD5 21fa0f01af0a21c44a8804d7499e5d5e
SHA1 500fce057e06f955a17f9b335149e2acb8eda219
SHA256 74b5f4a8c7b7974fd90d853f48ccecc1105595e809ce0f29043202485204102d
SHA512 8126ecba38b5a7d326b6e158ba666d07cc2b71971d2e2ca4bd15513a395117108e5a2297e4c967ea729fff2a366f9d2e896668c58a1eb28def68c2eebea4f4ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

MD5 c78c1b0872966128203b559f781e991d
SHA1 561a491534d2fbc06e7c69b62fa15d4d80114ac2
SHA256 8fd55bd94fb77dbd9c905210010218f7a8bdbc23969ea4930b76c7a6948706a0
SHA512 f983ac835dde5dcdfd28f6b703e4f8151529cd58def62cac1b63ba6b9d45c55c3f89e2575bfa61786c7c727a98725cae0b4e710afd16f133c0b25d54f6c7a6b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ffb062f3faa1ea0c_0

MD5 900a3c45dd67ab6652edc56a1761a8dd
SHA1 5afd4a0249fe601ce0a2879236f2d1465fb1453f
SHA256 4b7ec99becffc03d454126a310217fcb53cf7661a71c6772a5cfa543de37dc7c
SHA512 2d501b9052651a56a73f0f172ed1b601e26cbcca87697fed8afef4edab376c1dbdf2ddedc74cbe7daa9cff877cdd0199ddf4aaa33b9b4b7b889de47d8ff3cc71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

MD5 65787990ebf14dc71162fccf4d52c0de
SHA1 5a5d8443e32c192fdfec018ec63d59517d078ca1
SHA256 6bad6eacd45b6a19c6f1dea2355bb4f14fe428262d71d635eefd8081450ddd8c
SHA512 98adbe18148dc15e9c113a7679079d327bf90df0eeb1522a02f2187658ac369891e23615bcb55e8d04dbecea89ae75485e859f5b07d296943c7aebdb71530787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

MD5 3c2a9a62613f0fcc515c8dac7134824f
SHA1 ba68e5313647f6f2af81678d5a7dee140cd77196
SHA256 f4c8de11d132f211c97db62878c0d7fb8b21fb7e107389a89d08af3bd7071153
SHA512 151ae1a888437f9590b7ebbaa7d0b2ee1a07deac491472f38c4f9a696b0b9ea46baff7c1876b32d325a553e7fde1382d1e7ebd6a9460bea83f8ef2cd9f9f841e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 ad71b83d5524ac6470d51745f7d0c194
SHA1 a7e52e9d72e39c6722cbb1d92f08ac3858fa0537
SHA256 21070f8e472881032116150bd4b3cb062541892b322d985687a06ded3dac2141
SHA512 7b062d168de43ebfb0968cd9dd7e4e52d54340f950339c22a742fe6a76c2ccc6b5cd5024ea4f1d865bc21fe11339c94837c07286f6d55967f169cec1b67826ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 a4ee63b58e759028a1bd289dd62cf6b8
SHA1 4e3397058efbc0ca181d3091b94b80182ff261d1
SHA256 27625e9c0f8b2209e3afbe7290a4d0e2010b27c4efb139127d61a2d2580b76d9
SHA512 b0107513816809a6dc47266b5c2e5e89b62cfca82188dd4d0bc202d853017184cdda590cd7607b9a70ae77eec182ab452a0fdc809084149dcf9e14ba5b111955

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

MD5 3036559056af3a73d2ea8b0f9f6314db
SHA1 6cc89b35374dfa84b9dcbace5827c2d0b673c90c
SHA256 429eab1c24da32a254a47f0cf7a09dcaa8da1f9cdf79602f5c40f271d167e200
SHA512 646722f22d66c3311ae535a2280764f3e1adc6f1c778565cf1e46b33b9c2ba13bf9500c26eebc56ef38775bd1f1b5e026502dda6da03469828d3fd19ce5925ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 3bfd20d4559ae261314ccd2a4a0ca44e
SHA1 bd275b7b2f50e7913ed37f8f7937f13a3cd2f105
SHA256 05c1889195a4fb100da0106695af61025faa29320ba73d730257285db53cd5f2
SHA512 c0ee8ff7086d737ef5ab4d6a3471faee1633dbc60ab75afcf8dc97f269c49f2d97fa06eaaad4dff97506c51774214a9b3913d167681a63197f0cfb387b4beb30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

MD5 b213ee041dd7ac9588150ed69fe23a2b
SHA1 6b414a9d81f626290d6697352a67b20346a51d8a
SHA256 3c72d27499fe4af8469b3f97fa548995c80ad65d780af3510152fb87b011c521
SHA512 0270f90d09aa5d43850288246aeb42ce22f660391037fcf4476d612f2bf5c4372ca67937ef087846582ec3c0f41c7a35b90837acad6dc42afb6c40b4784c6e68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 4eeb8c5ee6edcc3dd4f665c919451860
SHA1 0098a0d76bb3e6de94b581bffe31cc59c19704b7
SHA256 4456786746081a2a64ad51910b7b2ab95e56f39e67d4f553d37cfa5bc24df2ee
SHA512 3c9f550957ba1ec1e33868b553fe7f513487f9c9af1066532c830de7aacd39ca5742d33078bec3ef2e20b1b5171b6b1fbf8afd8881b1fcb6406f2378addc4ae9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

MD5 b59b30a9e9915b537a297f20245cf63c
SHA1 08e4f82512df05b89269ae974a15c9e8a7c63efe
SHA256 b55d7f534a16ea474851ce3019c15fd3ff29b7a9cc70ec259b4dee8692dac137
SHA512 137407435d50d5da7d9fcc74696a46c2e6df7fe20db95298d02631b898fc91f1c9f2ab9853bb1075fab75a5095dde195500c4daa62c5ed3e60babea27b8b3a34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

MD5 a05117279694a400f13f39211d3d08b4
SHA1 c067a32472af7fb90a5c8d5092db8354dbad4e0e
SHA256 b5f1155211ee1860895fd3c0c38d798fde20a294dc1ae60c355cafd25bbb3a24
SHA512 294b4c52500f82bed491ca139a582f1e72aa3578270f0cac2db699150f69c9524b298e114385166d24ed2ef40aa39d99ba498edc496918fd344f0b60130bb056

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 7332fc438b0c665e9ee70ebed5ec18a7
SHA1 14b530c52255cb40cf0148fa8564941338faf65d
SHA256 5100d5e1c5abc8a2c2912c5f4cc485cbc76f2b78d1f944e249a94293176076d4
SHA512 b1d2b631d9dd18ef927e9067a0d2717bdbaff84e63ad82cfa8a2488f918bbed84dbdc2925ae827fe464b4bd9a163e625123800de9becc7cb03d097c683ff14fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

MD5 1cc3d6cfe52888950c7efe70287e169c
SHA1 7a8db2d8cd39a29aae14d0bef1df798912053a2a
SHA256 e1f99ee85a1789def64fa082cecd0f28c2228494fd3420236ea83f73ecbf4e12
SHA512 88838255f440293ec8b010607b57c3e511c8f82667e85fc0824c92b9038fca5ae07013856c7fbabdad777a08204ecb479c363cd45c14d0b641de641e88a073e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a514561a7866b0a_0

MD5 9429c006be34fd80f94cc6ad21950cae
SHA1 ca971db8810721bc06de039fc3458a1682c9246c
SHA256 02c9c2a6260a39fdc49e644bc155bb830c3ffa687a0df95df8b49d5b933138ef
SHA512 28fd974cd0bed9625756bb5b0b06344f3b0bc727cca0ee09e00ea6221ebb501bbaba7f258310ba1045d24da791a9191f38ff28c4a6177c4e742622ac51e6d458

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

MD5 fb822185358b1b3a45d1bbaa0037d006
SHA1 18cd945dd322a25ea26aff9328353a892fca477f
SHA256 55a526d1f489970917baf5a36181ea5aa294aa66f465e02516f325378eb0aa94
SHA512 14cf2f1468e081eaab657571550cdf29806ae724c6f90c1c548d5c0c825feceaead574334721621bd288b2c8d17739a804a6833a0074b0030ec2445b8d416f93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a89f635cfc4e3ab3_0

MD5 01b5baff6e169e8ad9182debd0f4ebf7
SHA1 ef91b4f06b5001a16ae730c89ceb579d24f7caea
SHA256 dd80e340824e80e57becc8c6679f0a080893d96a9d131136aa439c1034aa3c6e
SHA512 5eb663fb3281925003c98d61f4ae86bf4dbb660d4cecd6def5db3852989a6f44962b71d94dc1002110043b476f875f32564af07e4b6540230be06b2c190f85e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

MD5 ff89fcd3350b0ca2a8967d6b7e92ba57
SHA1 f5f7f13fef0bf4746e75350c9a18c031d5300267
SHA256 ae8fd3b170c7f2241c6594d54a1430ef9ce30b110c6bc63ed8cb3b6cbf22eeda
SHA512 051ac0ca29c8f0aeb2575812d1ff5cfc48ebf0094f98896ee41e1404e9928a55932738aaa779ced0ba3ed5a7636c88102ceaa00c042beb1541440bdf178dd481

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

MD5 bb4deb3f95665345ae96923df85c74d2
SHA1 7182fa59d7003e4050a2b2820f8bb44b84207501
SHA256 71018162717acfae3e39c54af225c6ce6b2d748b5709a3c135abc585f74204a4
SHA512 90ee233f09f6a71086612c74de22232687ccdc97ecba43f15208b157f006d3a9452034c1f9be7004d264244f5b68caba6750bc76e7dff5eb48f669fe626e1cb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

MD5 866b0e786bc53d062b55e1b4bf04d4bc
SHA1 6616e3c48a004268daf3d20f7281f6af9da7a48a
SHA256 17eec07ea2f60d8439221a615e37978b7b71a1e63641a78f37eadf1a3342aa9d
SHA512 a842eba512e2f1ef90e5153da07148c35477c5b64a71ea11053a425ef3f5d5892472774cec992bdff0919d5de03445dd865af72d49f60fcb7e55f192ea7e7264

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

MD5 75d4a38f11752e16241d8bbd8b16e41a
SHA1 804346f9b529be17ac8e3cbf1e711c6e09a2853c
SHA256 d83ee9f5f8625dd4f6fe0af78654ee6038240f404530ab51080f27012c7657fc
SHA512 90133d22a56a48e186987444c8a78d510ffea01b859dfb7240ea198e9727ce4d771b5426ecf8df4f65acdb60e708f96ba507981a8a333d2c920e8dec515e1f76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2076e2a98754e97_0

MD5 f07ce858ddf4d6c3a85325fdad63a021
SHA1 dbdd8ba92572d4f55ae5a95081623c63dbd3cf07
SHA256 4f2874138367d7de4b0c22ca02cfe4d027deb5786c8157f18529cd3b5d236578
SHA512 a9c53a16b300ff8ddd4422a05d5a5a11038158ab134116422118f532c1f3e5e2943ab088c6993b21c27576685720503363cb625e48289013baa5a91d85714b38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 6d9209d3024cdecff3e288ab98f6a4c7
SHA1 1e210dfcdc38a6eb76268b15f0c5206d7b3be8fa
SHA256 56c4423da0a91332c4a5115567635c216ae5d9ac09da21412264f7e9b6fcf867
SHA512 ae4278d8da52aeee3acbe70c7224957d4b76f43bc68579f20561697ff01b227b52e18718dfe68f334dd58cf9dbb6f30a371f2869d6045b2947f7dc18598ecad3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

MD5 45e3340ed7db1d17336729f0de659e2d
SHA1 b74a16bf8d94881331d1f814bd2c2d22c582c279
SHA256 02d6b3466f17a67fd63537e4db7d30f8e7946570312baa0737a7170863ad3a00
SHA512 1d5edaff2f4b8ee063359b0bb7b6bdabe274c2df1d0bc484229d673e5ebb4bb4d77664a4dffc0c1da7e8c9cb5ac0af83423ce0dff44c7dacc6f7b82935d6e68f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

MD5 dc3744a32afa759917c7e64dba66be1a
SHA1 0c38a98eb5d73ebd29ceb6fd0544a5bb76c91506
SHA256 a0fee58ceb483ecfd0f85d5be1eae7a57faa785d53d06d3d2558dde6672e41c8
SHA512 3ea27abb33c31f68b32c2b4ebcc1b1faeaf29c8ee1431ed4f6a4d6d84ad91785ec0364913888f9d4e5101f49e63e998fc74ef2a7cd407059e276b6fbc71fdbcb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\55d1a302ab2e2689_0

MD5 3384bd9df5f66d9c314c93a1c09d72fb
SHA1 6c38de113a2ee7dd39dc2437a59373cba9b63584
SHA256 ad0b4d12d7d6ce8b0a9e7897524d703c42ff721c81c2c0fc3190b3ca071f2f2e
SHA512 ccc4455b178237ccff5d09a248092a35eb8b68ca71d42fcd109dab6bf8afa9e48c4bd1c1ff1be5ec3c446785ac614f9e1a8b6251af292f308968f54e1a577935

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49f654861166b28d_0

MD5 d4182b7a3cb059d98c8b7108af4dfdb1
SHA1 7e82702c13b4a689c39eb891ae74bf0e981e419c
SHA256 215b4b385f840cf47eef92ea4f2cba1b465916e457a8de7c86158e23fc41c82d
SHA512 7aadf852fa29f1dcb2a263459fa2c9c33e40b75e9fe0738616cb5aca222592218f9b30300fec94c10ae9eaa758de73b1e7db583c567f2cfee0f3740d5adfd2e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

MD5 9c02def830a7ba8024eead83f742dca2
SHA1 8354172afdce34b11c5ce864dfa41d5c4a655f8b
SHA256 4737d1e95eb38b593fa5709ae3a85af7781e2fb2984700fef3eef19735ae4012
SHA512 7afc2a19ef7729035210d30fa6bedcaa36e4a5a4ad93f4a86a7f3174a1986bbacab822a996afdd32024421b1832a69b19c0ab4632f233a3a6f8677d591951831

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

MD5 5702887d030bab9803b5d73513514659
SHA1 c3510b6e8194ead3670dcbe483f159be18bdfb38
SHA256 106a3c225e25ca81e5a48d639cb4b5e1c0bcb54d670b4299e8ab3dad08021895
SHA512 37782ddf28cc891938b2a8a7fda34545dc4232382befd48c72c13263ab757d7f792529fdfeea008033e7e0b9008777a46e3c5ea4236b58e9773314524f35620c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06cdbb7047afc473_0

MD5 2f0f6879b9225b6dfce0033f3c88ce5f
SHA1 2cd9fd063f0d8f071d41fc1115d657e711ed178f
SHA256 b9b7584a2f985a4380ad25e1b444b6ceff0130fbb6fd2eaec77ed0554a8f979e
SHA512 058008a2b750ee68be4338bd344fc13bb96e5997cc9ba294f81a664a1bc3a91d7e8a2e2ca40d3de3f874ff85e9df8da0d55939865e80cd1d1b9eb23b0d90c060

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\15d2ba66b474cf52_0

MD5 5bcac8197b744e1ce01bf60b99a8b394
SHA1 df10fc83684584d1071712b21bef50e328f05275
SHA256 e1162d6fb49f4890a7fc33e333f407cda766392383bd1b108c83a4b5e821cf96
SHA512 ae0e84077d3ab4cc50ecc161fc8a3bbfa2ca135db0ec5e5d0bc43a0044b16437b5f53b13c2f252a53cf143387df340162bcbce57b6b8013ada70331e52d0f0b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f958d80ab38c515_0

MD5 e408a4221a910d68cd6e05522a85f7b8
SHA1 c49660ca6c668954aeb520f058af2d172151d74e
SHA256 238263a596007ecd210b55d8991cd20cbd0a9e066bcdecc3245d5a74c41aad61
SHA512 8b8eee686f0ecf9fe491066711238af46836d6f12e53005872183c5baf7794eb0c9bfe84a3e0b8ad9d1a8df3db05ab5ac56ba27b08c58753a607c7940f23a0ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b985d8383abda828_0

MD5 26d3454c04e698af85f94078b2bce7c3
SHA1 c269ba262262c7cf8d42c3b4f1506442f3619a31
SHA256 09708382112a39ae5e37ec1a1ecff091c870799a90aa205c6d0ae1542d2ef807
SHA512 f887bee0bad97e2469aa3068e5ce5a9b0ff80897839491afaca7b0fb47ca3adcff96f0f48c8e241efb8f94226de5237b62ef18fbe0faea65dc32383920905365

memory/16072-15762-0x00000246E87A0000-0x00000246E884D000-memory.dmp

memory/16452-15764-0x000001FF51510000-0x000001FF515BD000-memory.dmp

memory/14412-15763-0x0000000067790000-0x0000000068AD1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d82e70d3cf2d5a7114414e32024834ad
SHA1 852d06607fac60bdab1b7e4c55451226e220adcc
SHA256 c3220437e5bf6894ebd7d7f3fc1fe6d6fe33e40e8c5caef8afc73f7c49bae6b7
SHA512 b05276c4675077532c5d33d6e7c06fb2f9cbd582e063a5f9f7568e49431f19be2fc1183b1ff1ae7fd902f544d1380e89085212b2afb34fb37923f9d42232448a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ab445b1ed9cecb15c416bdf6d1851c3
SHA1 111280a4684116da5caab55f178281033ab920cc
SHA256 6766cf24be0a1f03caf5d615a5530e6893cc140d27d8febcff619e40cebd48e8
SHA512 81520700c0dfc00c52291b1a5c1f9163e873615ff8d36f3d7934b668902e6ed1fe75d5bd3449cfb9f6b2a63aa11ca939f401e75b1dc3a3ff186d3b9d052e8ab7

memory/14412-15814-0x0000000067790000-0x0000000068AD1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 82330547be6520d43db38e28b03b453e
SHA1 8fc261f091224decd64ae9c2e563c54c5961d3f7
SHA256 6b1e16034988d8169f94f42015ff4061d5a964fb3a6415e3de1a05e9d065717b
SHA512 5117473a3c46848be41a6faa7f6c3f64a06577bf26dfd84ef406965c88113db574bdbcb56592f13444acf2657dc78cfb5ba72f8d38a2121b4c857bd1736c8f93

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5e3268.TMP

MD5 87b7deb66a9802810e55577e9dd42bfe
SHA1 1e6ca47d1d4cfe150973136934f5a31467743699
SHA256 c5d71e1df9c6c1a835f3846c7baf75b2ef60324e79712b5dba22937fdf68f056
SHA512 f61f5f5bab0e1373452f8a81c454f04efc7f3512c2b94f3e2d7e18109489f647e526ba1424cf7dc7b1a3947604fbafd71ed6080268ea79ea5d515fcb2b8d7052

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 38bd8ed1b404f622beeb90a56446568e
SHA1 ba5a64252c8a87fe14cd5ac3b5e83014a561c3df
SHA256 871a24bac6351fdbf1608decdd436e9549fd90f29ed918c5c5296ce9e0cd1b4d
SHA512 11b2471a799f375ab7e29e7fbf2a2cb957f5ca43f55626d84b754e9331ac1bfc18fe95f322192fb9c118fc9a64b24601cc798f9fd34595d8aee5e57c1a578e58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2dc0bc3eda3667ea8dbf15a3d07e824a
SHA1 3357f6005c31ac69dc7995fc2a8b59e150fcdc2c
SHA256 3f5b30c2d873c6bc03069e63d4daea8e6baf9b9cf727d06ee67a564bef7f9a9c
SHA512 85ecfce2b1957ca5ae83a4c56441f40cb4bc78439cf875585c97d9fd29307ba242b3a941ede33ec31a6d0feb2206761ddcf4280506a8ee46311e2e43156a234e

memory/14412-15861-0x0000000067790000-0x0000000068AD1000-memory.dmp

memory/14412-15874-0x0000000067790000-0x0000000068AD1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 500f993b03d298fd0921c39f460b38d8
SHA1 81ebd5afecc3445321c46bd48546fdb99dde2d02
SHA256 cfd0a83a0fb278a6b559213638c00d83e75e7832faf5e56d9e4dc3052110d814
SHA512 d36ab91864fd444f3d1e355a878759c821e0ab39f7c557008ac9b23d991493ed6a3240a620497b5c6a412b2a13de35928f73426dcac64931efcb40fc96dcca4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 01bd058ef55ec8ad9049698468a9d3df
SHA1 eadd10e2e92431b9b0480e6923354d888ccc3374
SHA256 56fc6ed0e05b9e7c92e203155e53db00f1b761735d14d4485341dfe8fb9d9132
SHA512 6da9261d2d1372c5a611a1fc07bce71642a53eafe79694ffa07acda4d025c878ba032a9967f3a636bae4a14ab6df5af457e8aa33dfbf13b27bd359214ddcf1d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e14f976f0ecb81af4d8b3662e81a74be
SHA1 6eda85e292cee6d75d7a94de1099a2c64ba7aa1d
SHA256 0eaf910212f54cdf26ebad00e89c7c2e330ed8341e9f7a83e702584821ce9612
SHA512 0cfb4258340a59b1df9591d0f3c01eff0ea81244d4c10fe091801d8e9629899a78d7616ccd6319c43775f3722c9f2c22a390399fcc4d664b5074924643b0fe73

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5ed32c.TMP

MD5 23edd51568fcf539353ac1467a13c029
SHA1 53d7a006221084c541686d555bb02c94151ba572
SHA256 3036ad4ee8c42c3b9701dae837951e42a3fff312a4016b5f6c4d990b012d432c
SHA512 2d8a13210c5b111425caf5e110818a5fb11c1d7aab73684734a931c6f31c93c1a567cc4192d0fce0f7edcf7594ecc984a558b7c510f23432d781734f11408ccd

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 f456b25a05f327302ebde791675e8f39
SHA1 4a8cd723e85ef6f627521d3fa62f7354458e1977
SHA256 3b912063f3546187ae92d6dda3ebecfd5ca5e1303577fc01fbfa4e5ec59edb18
SHA512 f6323c9532562e93a235d37d933cf39309ce7c8ff29c98eadb1f91201c1994c6f65985d3cde833aa7df33997f147d662d28134287215189e98b327c8927c2fb3

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 8a49875106fce7155d03ec5f7dc9e4a1
SHA1 dc009c484f1489886aff2c87bf641bc918823325
SHA256 90f246ce686aebc7c5d9dfa183d32983ea1afaada0ead50448dd2ea755bce576
SHA512 d295ec48cc0d497bff56cd72ff5a523296f195b8245a9498899981b56f92dd00fc4881c4f8089b3f3b7f79162e793b12e0bac4db6a7ab8dd21d973591e8d1958

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5ee6c4.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Program Files (x86)\Steam\config\config.vdf

MD5 6598315dfc7dee03a7b7ee69fae62206
SHA1 aa51f8c032f7d9686118ff55afbb8b94779dd7ae
SHA256 17cb0514be2b444811e7cedd4985846354f7eb2ca9414b337dcf9dbbab3e758b
SHA512 431adeb1ef249bd8630aba0e02e2110f2ea84117ee07c7d6e3dada3835b212fb726e12920ad8789994559f180c9245474cab6477a2b5d41cf88de126db20889a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 12715bbf2b39565e1e4c32187fca109d
SHA1 0e4d3187682906928a0f8a974fae4ae7839d80db
SHA256 74b818fa2ef9d48c7cf6228d69bce256a4bf95d7a6ca6084c34d128fa02e4e1e
SHA512 9d605f3577908f8d5365cbff0d80892afd1d0fc63ed9a38358378365ab8e9b6b95a99d47ff939c668dbc3927d0635ffa812b3eec8c0a177406a60f1b82e4a327

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c68ced5db179d3a4083d413a6db9e375
SHA1 1af5b36722380310afe4d8442a3b6a0205be4599
SHA256 5cc99ddc79734108264a0d7bb48ca4b4e25e6c4d25d2be463aa849725aedb135
SHA512 c517e39e0e4eff544f420e59d3baf512e8a2f6cfea03e3395b1d45590dc34f3cda23682f4e6f5e911e367427326a743281cd6b6ad567901748d2ff4552571537

C:\Program Files\chrome_Unpacker_BeginUnzipping14440_1395053357\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

C:\Program Files\chrome_Unpacker_BeginUnzipping14440_1395053357\manifest.json

MD5 2ff237adbc218a4934a8b361bcd3428e
SHA1 efad279269d9372dcf9c65b8527792e2e9e6ca7d
SHA256 25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827
SHA512 bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 021a0401c7d032e9af0c80aaa5bc1ac5
SHA1 4e4f7daa3a27b9fcae4e87e5c8c7efc1b6933b3d
SHA256 6a338519baba70e9da02da1959c7e6bc169e82d1e4c5d22102285ce7406230d9
SHA512 ae91a37b4eae3524453507f0bc2f63a92bc6db7c8132e28302d0bf3ce8768d50fb1cc273ddf8712630af30b2754a32c832128a83efe65641b5c7d88005363302

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 c79b82df4b122515ab3f47f4a369a86e
SHA1 6041aa9d5f066932aa20aa48e77c8252cb543890
SHA256 51fea5e81939309bb0d74e819bd58e7eb56a203dd9c875c08288358f37daa140
SHA512 a1c7f12e6b06791beedb98a73418b8ce72c9c4d821602f323d0afeab598e692ec6aab93ef8b4a5cf482fb5886f217098082edf7528344c7c8965ce31fde00d0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84966a11e4384c580328c619f9f959bb
SHA1 12efd6214f96d10dec10078eac801db8dc4b1540
SHA256 297a16f85953cbcea4fe2bd914b7cc7cd86d20fc50c99b2007881cce2fa5f69a
SHA512 43d43debabe306bf67ef3edcda4e1a8218753d752bfa42a43c5c750e506f1ed5d4ee128b9cf1db7af3a01fa7e60a72f1400947bd97297ca6314896ce8b019c58

C:\Program Files (x86)\Steam\logs\cef_log.txt

MD5 1a1516e6c9816513448cb5b3b926d616
SHA1 4531e52f766c9ebb78d6aa234d23a9544a69b68d
SHA256 ca37de0164481c50e98166b8eabe75bde0cf140f58f4374228b20fca620948bd
SHA512 b325bcd4c8b2502bf666a8aea38a404439685a8adce779bd4cba65630a46878cc64666444e58a53088bac1ad8e1dd5988a109bcdc3a91dcc14dc3217e5e2a006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

MD5 9783faffbd685965100d97d64f1ed615
SHA1 d481c11e6cc00a5c0b8f6405c82e62b0b9ff1bc5
SHA256 da710a4ad6036127e0da20c4119bb131eb3794e8cb07868e3506ace3c095a062
SHA512 d49d3c1c9198f67cf1f14719a56da200f2f0a446938af1934515d5861bd51364012eb54f90b971f94a1c0586daf4bc2c10f92909daf8a3e48ab552b0c47bede6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7f3b4428cb588614fbb9a13a374bfad7
SHA1 d23edcaf18ff14febae4e7427a905351cbfea97c
SHA256 3c5c5a99967b275ed273446b64127257b7f2554ce4c1317ffe023b8057c1412d
SHA512 057a8bbc9c7cba79c6e4ecf04fdf8c0e5e9e6f81e156cc14f5c00578e315003cffc1805f4029d4569114c55045b65f22d0e8ef9f5302afb3078e58c9963ca4e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 24ce0af580700be3dd00f6ae90ab42aa
SHA1 219307f18fcd4c6163a2f273aef2a6b0669de436
SHA256 58e3f77fa3f316342ce14bc169e5bf9b8a255c4a9025c50c6c4ef2b2e98a56a2
SHA512 8dc2720a1de3da44fe759e52ba423634afa30b01a30f44ebf2728d4965ae7e9cbd5ed31a377575a4ab074a8f0f111e924db1366cba02ed3f03876a41173f220c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 36e6e73c13ccab2243b7c2c512456b62
SHA1 1c7ce5d3d2616ce6d142f916ed470608b6646cd9
SHA256 bc6b47d528b909d007b9eb8eac912073cfb1f59cb8284093cab72a9c770237fb
SHA512 8a30875fdd008dacaae29f44925788a1ec4a72b8e8a35e0f01ab4fc6b81f839d3ec85db4cebd3fd8324095c9ad689c38b350718d4d8073effdaaee4a7bf18440

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 bc150f15d02dcf6210e13846d465177e
SHA1 d43a4df7cc9f6c0de6e200a0b65e1239e58f11c9
SHA256 51cb4753a88b8c37885adbed71d765f24ba91eb07ee87d7ae52edf7be099363c
SHA512 20a67aa893ff99739788a4b74f85ee3ef8aa1b30831230d7d3c7165e9cdd001e88c067f429edf64e1ea6f1dedcf729844ef2f3b35106b4a113e8fdec8357d395

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

MD5 43eb0ffd3ee4023cbf2698eb32502169
SHA1 369b28e601b0b6e9827db06129b89d17bc88cc2c
SHA256 215f858c4a54c2b4994cca99b938ab61ad5e0ab082fe6cef872d511501ac3a34
SHA512 2ed361fcece5e87ce6f0072cfaee054de05c8c5a63424ede282a76eb17f4993dd6e58ed7cf0510fe50361c600c168caf718c48effc5f174291af340ca5a5cf2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fdd02fff03de4c25_0

MD5 432b2ef3894b68c279fd7735f32db4f8
SHA1 559b3ffe1bc8ef3d30b80da23b04da2502057675
SHA256 1ba6281cb188fef110ce2847d45145a941d5280586771007106ef62cbbab17d8
SHA512 c479f29fa1be116daf0212e7c177245a8261d2a6173224d179e0e41a1b8b94794fb60ad3c04b409ecd64a772a367f52657e62cc092129deb76b4f10a0b80c20b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a849c411baba02242afb1372154b941
SHA1 35377389f9d0b6193cf4a487298aeea82120e41b
SHA256 cb08fd3411e216d5da4c4fc8c57ef79ef9702a8f0008d4b6d2b9d3714745d5a2
SHA512 918d6659c9dea391d87bd10f2425b5fd9ef8ca6887466e58652803478fdfdb063d6e292ac2fc9b7b737608d9d0a27226b1084062368fe772e11bff87634793c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5282a482e1b243664862144fa35b6319
SHA1 0efce0b1d34ce88eb341749b4da5dd963a05d621
SHA256 6a842f312c3bf77c5a28f3bd57690bec31e2d6e4f82af780531aa09f3878b733
SHA512 66258a170921c5fbba203ada8720df1e15f6a9f5de0a7fccc7e7f70a601d449c0e3d0891915977e295f2128abb00f0aacae7ed5ef232af96440028a6371b07e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6188c33e73afb3c21b9fb3cd0e34a064
SHA1 d26282712dabc7d936537ced83b452a8ea62661a
SHA256 6b4645d5ce51255b063204a6df7fbe4fdaabe55fab07ba3d0538087e9c60458d
SHA512 7dd91d8189106ec1d366bfe0c29d33095a39f7ab0ba337b76059267b36858bfa61d71de72e60ab163e228477fe4aa819c7ea84c5d330fad7e6f826d687fc9333

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001fe

MD5 fe6e182c22ce8e0fca04e21242825a4b
SHA1 363fb33914dd0ff41a473aa2fc0f3d8e11670384
SHA256 6648d0b2d3cfade77810ab3e50524488fb4aa8e0dc843c66782c8742149d60ff
SHA512 7442d0b86bfa2386a8712e70a7af21adf0494800d55a518bf3bc1ad55a9f24a1c448c99e4ea5e5a9412105398b68255933a262a8ceab103b676645de039f65fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1f4a2679e4de524aa02c91f7e4f61add
SHA1 ee2b451a055cde0d20b1ef57fdc40d7c3e75304f
SHA256 9ec98359ebda203ab2847c08a9b85fee4c06dc587b33f2766d254eb1a54dad69
SHA512 b6e990ca2198b1ac446d6fc35ce3f857078abb4a46003e8ea805f4e5e7db73c4d578bab8c2de5b8e007751cb3e8e793dcc8b1903efa70f4e8fc173ff79318d99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 45a9487e33483af3291f54e4c63d6717
SHA1 482b953df8564098ad40d0aeef5b24d4855165f5
SHA256 196e83ff585cf257779bd27430d50381939f35374de9e3169571c5350c8cbbe7
SHA512 43b518b5dbdbb2723766476c13a893bd15501c218124e674965a4b70e16a537318210418cd64648a74634e8655ac0850b2421a479652350595ba98952dc270a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e57bab345e32de1d69212cf6926dc6bd
SHA1 2d0f5025365395d97d094dee9b30527bd63920d2
SHA256 5892914c1c69562ec1cda1343017e24520b1df8136b8bfdccf86a00ca3e0cd99
SHA512 7b1bb24315214aa33d2a7ee8008b78325d0e9df4ae4bd86909d5dab452ff56caf07e5c4a8bc5e549b67caa853029de939a0bf6112e1c7c349c6583224f953cab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4d487dd6595bd94ed0d76e1627eae21e
SHA1 3187ad0748c850ce0b12282d51a24c6c21cbd93f
SHA256 9ddab6cb7d650df18c92c0136c1abecc86aaeda0241a9ad7a96e3a0c8ccc1cba
SHA512 7070fd513af0d8e49d21edf183329f7b304f369443dcc4235dc14b7da3f09e184e54530eca43653c31ec5441aa58550c64f49bd10208c8a91cb8623b4e8ec855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 76c90db3a6cb45582bb779090fe729bf
SHA1 a99a3b63b545fa17b96d42fb22eb1bc2f0ca2c06
SHA256 3fbeac377d58ee6bf613fafe8acb05a1833f3ae3df8aef3673d3c0f58258e0c4
SHA512 bfa2dbf50420b19673d4f57f6f4ca268a5c6e1b4ec038f41b9ca7f78ca1225a2bdf383c6af4fc5615a7fb7a9779eed05d26d9a739b2899053098ca39e4dcb572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 10196aec697ab6c20077b0964306c9cd
SHA1 3a2e71196a67b6770d6e461ecd8b197664a4f561
SHA256 3aa7363f6384c9decb68d14ed26748591bb466af7939b52d91358bcb93b1f598
SHA512 723380712288e05c330d949dcd7cadf10568c7639f996c4ac7e140c0fafc215e09106f925d6def545c076246b87f057ef7c8d8fcc8c72f242de9ee389155bbde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 11db0ae83a545558d5d5c66da221b105
SHA1 37a4ee6b90991ceb9395ca686f2a3d1ea77776e6
SHA256 410ad13984c6af3b97540e2c35624fdb7020b6dd6b212c78fa91e326fe0bce63
SHA512 c2cdac80fea8f8720d0fbffd125e91dbb8c84cc6b6c4db909a2eab2fec86dfe7261e9500b49ef21138211591cf096a0a74e6dba5655a39f798bff0c4fbe83b79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 893d6fff65cf81a604add2f61622fd7f
SHA1 f6e6926fed15b715ebe1ef35c770b1f98ab43dcb
SHA256 f8310fa796dfa087a3157069ccac2846fd6fa0023e4bf4d5bd5c5101f2f74d36
SHA512 3011bbc9dd7bc1a80c4ef7d88453f5741d257ef1016506cf7d9cc27c561bc6a4bb7892105a96c4d06c7ce09e6c8b74d24f54954565fea63f4878bf9aaf1a5743

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f95a920dd6f6393ebca2333174654619
SHA1 219596e5876def655ffe413b2f553ed21467307d
SHA256 504170686dd5823286f7256b6615dfc75380bc0b69c28d197a87326e3b88b39f
SHA512 f4541ebbcc5722e116aacf2794226546528c04b747191b8d3087b280260fe5c915676c584fc3208fb9371bb0f0a5984e56de955221fb02ad4ae8525a4ca2b691

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eef4f4a353a521e4bc75950dc934e739
SHA1 37da8ebe1a6b759ba3f9b55981b2eaae4b7058d4
SHA256 e150c127bf801cdffa9d3b49ea2bc6d81c58742322a081fb6dc18abb2f42b2e6
SHA512 4592b6aab8376c99d0f0725178b9a0e3d154af27beea2eab6fa52fc50c7d94b8aa81693e5a76b7cba0814f87fd140182bd0f58040fcef172868d90213f989dfa

memory/7596-17213-0x0000000000590000-0x0000000000602000-memory.dmp

memory/7596-17214-0x0000000004EA0000-0x0000000004F3C000-memory.dmp

memory/7596-17215-0x0000000005560000-0x0000000005B04000-memory.dmp

memory/7596-17216-0x0000000005050000-0x00000000050E2000-memory.dmp

memory/7596-17217-0x0000000004F60000-0x0000000004F6A000-memory.dmp

memory/7596-17218-0x00000000050F0000-0x0000000005146000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b696a23384c573dfe30b0dfc0852e519
SHA1 7c6c349384b3a78016187810e2c17fc20365b1aa
SHA256 29335eca25125b10270a96e6bb49bf002eecc3bb5d186f343153d1a1acd3e556
SHA512 6953e499c1417cce78ded2ab7535bcc8436fa004f47e11a218b37eb1b02c27af2e53a6bd92bf85263baf747570583ef8708c6b5a7415e51f1e23ee0f82d58967

memory/9672-17295-0x00000000057C0000-0x00000000057CA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9daebb0ec699e9fd045a5bc558ec95fe
SHA1 4f0627378bc343b784d92a4e2d8586f7e3be21e1
SHA256 526d18f7efd4353ddccae6e03200145f708752328a681ffb6c29655c38498bda
SHA512 7b1e2c659a30e4efd5d8555f3960cead1a4025bd5b56ebce7c4b84d6c6f3762d2ceff91803a00181a3a4d55e373dbb230ed3422d312f024d61f03458851b4a85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e3e2e53077149be2450878980d265b1
SHA1 541353116d33d409d266426632a0403a4a950b0f
SHA256 9509f2e7bd3adce03f2137a5cfe07abe72a986bab528b294550581fce27bf523
SHA512 c07b499f80bb88a671462ee897149628d12b93db2c220e396022d979c49b1f41945b5a6eae5b5add1a3b15fa786167185073e4c9710dd9c7d68282b1212a4522

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fd38a1b42b43129ebfdbfd310e52d74b
SHA1 42c866392adeba8c53c05f88c29d3cbe57ba98b3
SHA256 c8dfdc3fba2581a423b90133f35a29058fcc98e20841a8f8fad54df83804fca0
SHA512 67eca90440fa6e8262365c9c270fe1224f1a4697cba747c3d27d403c9a8d71143d40ba2ca379709af0f55fdbfceee1bf0530171b94a5b1b4e980a447534bcb1f

memory/10668-17344-0x00000000004A0000-0x00000000004B0000-memory.dmp

memory/10712-17345-0x0000000000920000-0x0000000000D84000-memory.dmp

memory/10748-17346-0x000000001B250000-0x000000001B2F6000-memory.dmp

memory/10748-17347-0x000000001B7D0000-0x000000001BC9E000-memory.dmp

memory/10748-17348-0x000000001BD40000-0x000000001BDDC000-memory.dmp

memory/10748-17349-0x0000000000AC0000-0x0000000000AC8000-memory.dmp

memory/10748-17350-0x000000001BF70000-0x000000001BFBC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

memory/10712-17362-0x00000000212A0000-0x00000000212A8000-memory.dmp

memory/10712-17364-0x0000000021310000-0x000000002131E000-memory.dmp

memory/10712-17363-0x0000000021340000-0x0000000021378000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 987a07b978cfe12e4ce45e513ef86619
SHA1 22eec9a9b2e83ad33bedc59e3205f86590b7d40c
SHA256 f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8
SHA512 39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

C:\Users\Admin\Desktop\Joke\chilledwindows.mp4

MD5 698ddcaec1edcf1245807627884edf9c
SHA1 c7fcbeaa2aadffaf807c096c51fb14c47003ac20
SHA256 cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b
SHA512 a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155