cerber | hxxps://github[.]com/Menss-unban-method/unban-gtag/blob/f19aa3f54b82939060793e641b4f424301a8c7c8/Impulse-Spoofer[.]zip

Analysis

max time kernel
206s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2025 04:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Menss-unban-method/unban-gtag/blob/f19aa3f54b82939060793e641b4f424301a8c7c8/Impulse-Spoofer.zip

Score

10^/10

cerber discovery ransomware

Malware Config

Signatures

Cerber 8 IoCs

Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

ransomware cerber

description	ioc	pid	Process
		4924	taskkill.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		KernelMapper.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		KernelMapper.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		KernelMapper.exe
		5096	taskkill.exe
		4268	taskkill.exe
		3912	taskkill.exe
		3648	taskkill.exe

Cerber family
cerber

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
51	raw.githubusercontent.com
73	discord.com
74	discord.com
75	discord.com
50	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Volume.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Impulse Spoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Impulse Spoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Impulse Spoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Volume.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Volume.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3012	reg.exe
3080	reg.exe
5068	reg.exe
4020	reg.exe
3372	reg.exe
2704	reg.exe
1424	reg.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	reg.exe
Delete value	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	reg.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	reg.exe
Delete value	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	reg.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 10 IoCs

defense_evasion

pid	Process
3912	taskkill.exe
3648	taskkill.exe
2944	taskkill.exe
4492	taskkill.exe
4924	taskkill.exe
4268	taskkill.exe
3112	taskkill.exe
2884	taskkill.exe
5096	taskkill.exe
4484	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3625106387-4207083342-115176794-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3625106387-4207083342-115176794-1000\{0463DEB5-4A9B-445D-87F7-117D6971C9E9}	msedge.exe

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
1876	reg.exe
2176	reg.exe
4452	reg.exe
1660	reg.exe
2644	reg.exe
5028	reg.exe
4492	reg.exe
1244	reg.exe
3908	reg.exe
3660	reg.exe
4552	reg.exe
1676	reg.exe
1056	reg.exe
3540	reg.exe
1352	reg.exe
4484	reg.exe
3004	reg.exe
180	reg.exe
1932	reg.exe
744	reg.exe
4496	reg.exe
3372	reg.exe
1132	reg.exe
2008	reg.exe
4688	reg.exe
4852	reg.exe
2824	reg.exe
4668	reg.exe
5000	reg.exe
4492	reg.exe
2148	reg.exe
2192	reg.exe
1684	reg.exe
2520	reg.exe
3108	reg.exe
2392	reg.exe
2452	reg.exe
4848	reg.exe
4996	reg.exe
2832	reg.exe
2524	reg.exe
2120	reg.exe
4788	reg.exe
2728	reg.exe
5008	reg.exe
4724	reg.exe
4452	reg.exe
3108	reg.exe
860	reg.exe
2052	reg.exe
3040	reg.exe
3908	reg.exe
3976	reg.exe
4704	reg.exe
2740	reg.exe
1676	reg.exe
4492	reg.exe
5000	reg.exe
4996	reg.exe
2640	reg.exe
2940	reg.exe
3968	reg.exe
884	reg.exe
992	reg.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
4576	msedge.exe
4576	msedge.exe
2564	identity_helper.exe
2564	identity_helper.exe
3900	msedge.exe
3900	msedge.exe
4864	msedge.exe
4864	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4924	taskkill.exe
Token: SeDebugPrivilege	5096	taskkill.exe
Token: SeDebugPrivilege	4268	taskkill.exe
Token: SeDebugPrivilege	3912	taskkill.exe
Token: SeDebugPrivilege	3648	taskkill.exe
Token: SeDebugPrivilege	4484	taskkill.exe
Token: SeDebugPrivilege	2944	taskkill.exe
Token: SeDebugPrivilege	4492	taskkill.exe
Token: SeDebugPrivilege	3112	taskkill.exe
Token: SeDebugPrivilege	2884	taskkill.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5100	KernelMapper.exe
2148	KernelMapper.exe
1768	KernelMapper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 3984	872	msedge.exe	83
PID 872 wrote to memory of 3984	872	msedge.exe	83
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 804	872	msedge.exe	85
PID 872 wrote to memory of 4576	872	msedge.exe	86
PID 872 wrote to memory of 4576	872	msedge.exe	86
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87
PID 872 wrote to memory of 512	872	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Menss-unban-method/unban-gtag/blob/f19aa3f54b82939060793e641b4f424301a8c7c8/Impulse-Spoofer.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbda146f8,0x7ffcbda14708,0x7ffcbda14718
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2896719399661611449,4740864743159779478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:5464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Impulse-Spoofer\Cleaner.bat" "
1⤵
PID:1552
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "EpicGamesLauncher.exe" /t /fi "status eq running"
  2⤵
  - Cerber
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4924
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "FortniteLauncher.exe" /t /fi "status eq running"
  2⤵
  - Cerber
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5096
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "FortniteClient-Win64-Shipping_BE.exe" /t /fi "status eq running"
  2⤵
  - Cerber
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4268
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "FortniteClient-Win64-Shipping.exe" /t /fi "status eq running"
  2⤵
  - Cerber
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3912
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "EasyAntiCheat.exe" /t /fi "status eq running"
  2⤵
  - Cerber
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3648
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:536
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:3140
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
  2⤵
  PID:4776
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
  2⤵
  PID:4316
- C:\Windows\system32\reg.exe
  reg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f
  2⤵
  PID:1680
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:2516
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:1040
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
  2⤵
  PID:2404
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
  2⤵
  PID:4504
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
  2⤵
  PID:5060
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
  2⤵
  PID:4408
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 27577-12000 /f
  2⤵
  - Modifies registry key
  PID:2392
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 30265-12339 /f
  2⤵
  - Modifies registry key
  PID:4852
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {eac19171} /f
  2⤵
  - Modifies registry key
  PID:3540
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {30445-15536-4911-18442-12643} /f
  2⤵
  - Modifies registry key
  PID:2148
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {2764-30374-24966-4490-31679} /f
  2⤵
  - Modifies registry key
  PID:2740
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d 10706-1849 /f
  2⤵
  - Modifies registry key
  PID:744
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d 28431-21142 /f
  2⤵
  - Modifies registry key
  PID:4496
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d 17752-2499 /f
  2⤵
  - Modifies registry key
  PID:4492
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 18530-785-24780-2548-17501 /f
  2⤵
  - Modifies registry key
  PID:2640
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 15538-16760-31879-30502-11284 /f
  2⤵
  PID:3080
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 26201-5645-28246-26238 /f
  2⤵
  - Modifies registry key
  PID:1244
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 5483 /f
  2⤵
  - Modifies registry key
  PID:1352
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {13095-18523-13240-20007} /f
  2⤵
  - Modifies registry key
  PID:2008
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v SystemStartOptions /f
  2⤵
  PID:3904
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:1672
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:4604
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
  2⤵
  PID:2620
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
  2⤵
  PID:544
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
  2⤵
  PID:4804
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
  2⤵
  PID:5068
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
  2⤵
  PID:4364
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
  2⤵
  PID:3016
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f
  2⤵
  PID:4244
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f
  2⤵
  PID:1576
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f
  2⤵
  PID:2604
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f
  2⤵
  PID:4108
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f
  2⤵
  PID:3024
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f
  2⤵
  PID:3908
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f
  2⤵
  PID:3912
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f
  2⤵
  PID:1772
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f
  2⤵
  PID:4292
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f
  2⤵
  PID:2204
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid /t REG_SZ /d ---- /f
  2⤵
  PID:3756
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildGUID /t REG_SZ /d ---- /f
  2⤵
  PID:3924
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration\Variables\BusDeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f
  2⤵
  PID:1416
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\DeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f
  2⤵
  PID:1124
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\Driver" /v PropertyGuid /t REG_SZ /d {----} /fW
  2⤵
  PID:2228
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v ComputerHardwareId /t REG_SZ /d {----} /f
  2⤵
  PID:3176
- C:\Windows\system32\reg.exe
  REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v InstallDate /t REG_SZ /d 4344 /f
  2⤵
  PID:4696
- C:\Windows\system32\reg.exe
  REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v ProductId /t REG_SZ /d 23323 /f
  2⤵
  PID:1448
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d ---- /f
  2⤵
  PID:1988
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 10781-17737-27098-11737-20722 /f
  2⤵
  - Modifies registry key
  PID:3660
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 19926-19024-19037-15606-21342 /f
  2⤵
  - Modifies registry key
  PID:860
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d 12861-10575 /f
  2⤵
  - Modifies registry key
  PID:4484
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 23354 /f
  2⤵
  - Modifies registry key
  PID:1684
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 18814-22099-15845-24115 /f
  2⤵
  PID:4512
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d FS13482 /f
  2⤵
  - Modifies registry key
  PID:3968
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d 5581-25790 /f
  2⤵
  - Modifies registry key
  PID:2452
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d FS270 /f
  2⤵
  - Modifies registry key
  PID:1676
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d 12329-30817 /f
  2⤵
  - Modifies registry key
  PID:884
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 14861 /f
  2⤵
  - Modifies registry key
  PID:3004
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 5443-5473 /f
  2⤵
  - Modifies registry key
  PID:1876
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 18544 /f
  2⤵
  - Modifies registry key
  PID:2176
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 6905-3693 /f
  2⤵
  - Modifies registry key
  PID:4452
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {10325-7553-22084-89-28012} /f
  2⤵
  PID:1540
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {27373-20523-17245-3188-26331} /f
  2⤵
  - Modifies registry key
  PID:4688
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {7566-s13035-25830-23919-23121} /f
  2⤵
  - Modifies registry key
  PID:2120
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {eac14949} /f
  2⤵
  - Modifies registry key
  PID:2940
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {fefefee14188-17471-16130-9267} /f
  2⤵
  - Modifies registry key
  PID:2520
- C:\Windows\system32\reg.exe
  REG ADD HKLM\Software\Microsoft\Windows NT\CurrentVersion /v InstallDate /t REG_SZ /d 2208 /f
  2⤵
  - Modifies registry key
  PID:1056
- C:\Windows\system32\reg.exe
  REG ADD HKLM\Software\Microsoft\Windows NT\CurrentVersion /v ProductId /t REG_SZ /d 8711 /f
  2⤵
  - Modifies registry key
  PID:4788
- C:\Windows\system32\reg.exe
  REG ADD HKLM\System\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d 14780 /f
  2⤵
  - Modifies registry key
  PID:2192
- C:\Windows\system32\reg.exe
  REG ADD HKLM\System\CurrentControlSet\Control\WMI\Security /v 671a8285-4edb-4cae-99fe-69a15c48c0bc /t REG_SZ /d 24340 /f
  2⤵
  - Modifies registry key
  PID:992
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion" "WindowsUpdate /v SusClientId /t REG_SZ /d {8471-7837-3659-11697-20126} /f
  2⤵
  - Modifies registry key
  PID:2052
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f
  2⤵
  PID:4536
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f
  2⤵
  PID:4924
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f
  2⤵
  PID:4084
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f
  2⤵
  PID:3664
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
  2⤵
  PID:1892
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:3544
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f
  2⤵
  PID:1532
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
  2⤵
  PID:988
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
  2⤵
  PID:2000
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f
  2⤵
  PID:2824
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
  2⤵
  PID:4316
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f
  2⤵
  - Checks processor information in registry
  PID:1512
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f
  2⤵
  PID:4940
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f
  2⤵
  PID:4896
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f
  2⤵
  PID:2404
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f
  2⤵
  PID:3184
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f
  2⤵
  PID:5060
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f
  2⤵
  PID:1344
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f
  2⤵
  PID:2828
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v SystemStartOptions /f
  2⤵
  PID:4540
- C:\Windows\system32\reg.exe
  reg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f
  2⤵
  PID:2732
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe" /f
  2⤵
  PID:392
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
  2⤵
  PID:4184
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:4832
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App" /f
  2⤵
  PID:4496
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App\windows.protocol" /f
  2⤵
  PID:4492
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App\windows.protocol\ms-gamebarservices" /f
  2⤵
  PID:2640
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe" /f
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3080
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:1244
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93" /f
  2⤵
  PID:1352
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\Package\181" /f
  2⤵
  PID:2008
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\Package\181\93" /f
  2⤵
  PID:1412
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App" /f
  2⤵
  PID:1540
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App\93" /f
  2⤵
  PID:4688
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac" /f
  2⤵
  PID:2120
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad" /f
  2⤵
  PID:2940
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93" /f
  2⤵
  PID:5028
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93\ac" /f
  2⤵
  PID:2772
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93" /f
  2⤵
  PID:2968
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93\ad" /f
  2⤵
  PID:3136
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180" /f
  2⤵
  PID:812
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181" /f
  2⤵
  PID:5096
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182" /f
  2⤵
  PID:532
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\180" /f
  2⤵
  PID:208
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\181" /f
  2⤵
  PID:1356
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\182" /f
  2⤵
  PID:4376
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe" /f
  2⤵
  PID:4440
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe\182" /f
  2⤵
  PID:3648
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
  2⤵
  PID:536
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\180" /f
  2⤵
  PID:3140
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:2692
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\181" /f
  2⤵
  PID:3308
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80" /f
  2⤵
  PID:2260
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81" /f
  2⤵
  PID:5008
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82" /f
  2⤵
  PID:1040
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83" /f
  2⤵
  PID:1064
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84" /f
  2⤵
  PID:5020
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a80" /f
  2⤵
  PID:5012
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a81" /f
  2⤵
  PID:1004
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a82" /f
  2⤵
  PID:3632
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a83" /f
  2⤵
  PID:4508
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a84" /f
  2⤵
  PID:2660
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180" /f
  2⤵
  PID:216
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180\1a80" /f
  2⤵
  PID:4152
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181" /f
  2⤵
  PID:4724
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181\1a81" /f
  2⤵
  PID:320
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182" /f
  2⤵
  PID:2452
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182\1a82" /f
  2⤵
  PID:4144
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180" /f
  2⤵
  PID:4492
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180\1a83" /f
  2⤵
  PID:1364
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181" /f
  2⤵
  PID:3080
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181\1a84" /f
  2⤵
  PID:1244
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
  2⤵
  PID:1352
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:2008
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f
  2⤵
  PID:1412
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
  2⤵
  PID:4604
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:1540
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f
  2⤵
  PID:2120
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:2940
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f
  2⤵
  PID:5028
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f
  2⤵
  PID:2772
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f
  2⤵
  PID:2968
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f
  2⤵
  PID:3136
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f
  2⤵
  PID:812
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher" /f
  2⤵
  PID:5096
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f
  2⤵
  PID:532
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f
  2⤵
  PID:208
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs" /f
  2⤵
  PID:1356
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher" /f
  2⤵
  PID:4376
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f
  2⤵
  PID:4440
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f
  2⤵
  PID:3648

C:\Users\Admin\Downloads\Impulse-Spoofer\Impulse Spoofer.exe
"C:\Users\Admin\Downloads\Impulse-Spoofer\Impulse Spoofer.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/D6apastc
  2⤵
  PID:2404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcbda146f8,0x7ffcbda14708,0x7ffcbda14718
    3⤵
    PID:1448

C:\Users\Admin\Downloads\Impulse-Spoofer\KernelMapper.exe
"C:\Users\Admin\Downloads\Impulse-Spoofer\KernelMapper.exe"
1⤵
- Cerber
- Suspicious use of SetWindowsHookEx
PID:5100

C:\Users\Admin\Downloads\Impulse-Spoofer\KernelMapper.exe
"C:\Users\Admin\Downloads\Impulse-Spoofer\KernelMapper.exe"
1⤵
- Cerber
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\Downloads\Impulse-Spoofer\Volume.exe
"C:\Users\Admin\Downloads\Impulse-Spoofer\Volume.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1392

C:\Users\Admin\Downloads\Impulse-Spoofer\Volume.exe
"C:\Users\Admin\Downloads\Impulse-Spoofer\Volume.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4960

C:\Users\Admin\Downloads\Impulse-Spoofer\Volume.exe
"C:\Users\Admin\Downloads\Impulse-Spoofer\Volume.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4240

C:\Users\Admin\Downloads\Impulse-Spoofer\KernelMapper.exe
"C:\Users\Admin\Downloads\Impulse-Spoofer\KernelMapper.exe"
1⤵
- Cerber
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\Downloads\Impulse-Spoofer\Impulse Spoofer.exe
"C:\Users\Admin\Downloads\Impulse-Spoofer\Impulse Spoofer.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/D6apastc
  2⤵
  PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbda146f8,0x7ffcbda14708,0x7ffcbda14718
    3⤵
    PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/D6apastc
  2⤵
  PID:3856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbda146f8,0x7ffcbda14708,0x7ffcbda14718
    3⤵
    PID:3992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Impulse-Spoofer\Cleaner.bat" "
1⤵
PID:1368
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "EpicGamesLauncher.exe" /t /fi "status eq running"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4484
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "FortniteLauncher.exe" /t /fi "status eq running"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2944
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "FortniteClient-Win64-Shipping_BE.exe" /t /fi "status eq running"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4492
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "FortniteClient-Win64-Shipping.exe" /t /fi "status eq running"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3112
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "EasyAntiCheat.exe" /t /fi "status eq running"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2884
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:3176
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:3648
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
  2⤵
  PID:2692
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
  2⤵
  PID:2644
- C:\Windows\system32\reg.exe
  reg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f
  2⤵
  PID:4892
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:3024
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:3004
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
  2⤵
  PID:2732
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
  2⤵
  PID:708
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
  2⤵
  PID:4376
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
  2⤵
  PID:3804
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 27854-8110 /f
  2⤵
  - Modifies registry key
  PID:3040
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 8624-26105 /f
  2⤵
  - Modifies registry key
  PID:4848
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {eac11173} /f
  2⤵
  PID:4888
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {3769-17951-18237-12903-14345} /f
  2⤵
  - Modifies registry key
  PID:3108
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {22960-1350-6227-1904-17468} /f
  2⤵
  - Modifies registry key
  PID:4996
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d 9883-20387 /f
  2⤵
  PID:1132
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d 21711-12913 /f
  2⤵
  - Modifies registry key
  PID:3908
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d 18501-22545 /f
  2⤵
  - Modifies registry key
  PID:4492
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 23690-31861-31197-31385-7225 /f
  2⤵
  - Modifies registry key
  PID:4552
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 24524-8169-29313-26529-4220 /f
  2⤵
  - Modifies registry key
  PID:4668
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 20585-10135-18914-25967 /f
  2⤵
  - Modifies registry key
  PID:2728
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 23980 /f
  2⤵
  - Modifies registry key
  PID:180
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {23994-1777-9240-872} /f
  2⤵
  - Modifies registry key
  PID:5000
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v SystemStartOptions /f
  2⤵
  PID:1932
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:2976
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:1660
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
  2⤵
  PID:5008
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
  2⤵
  PID:5052
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
  2⤵
  PID:3976
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
  2⤵
  PID:2832
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
  2⤵
  PID:4940
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
  2⤵
  PID:2524
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f
  2⤵
  PID:2936
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f
  2⤵
  PID:1676
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f
  2⤵
  PID:4724
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f
  2⤵
  PID:5028
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f
  2⤵
  PID:2012
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f
  2⤵
  PID:4704
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f
  2⤵
  PID:3372
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f
  2⤵
  PID:4452
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f
  2⤵
  PID:4888
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f
  2⤵
  PID:3108
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid /t REG_SZ /d ---- /f
  2⤵
  PID:4996
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildGUID /t REG_SZ /d ---- /f
  2⤵
  PID:1132
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration\Variables\BusDeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f
  2⤵
  PID:3908
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\DeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f
  2⤵
  PID:4492
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\Driver" /v PropertyGuid /t REG_SZ /d {----} /fW
  2⤵
  PID:4552
- C:\Windows\system32\reg.exe
  REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v ComputerHardwareId /t REG_SZ /d {----} /f
  2⤵
  PID:4668
- C:\Windows\system32\reg.exe
  REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v InstallDate /t REG_SZ /d 32155 /f
  2⤵
  PID:2728
- C:\Windows\system32\reg.exe
  REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v ProductId /t REG_SZ /d 20809 /f
  2⤵
  PID:180
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d ---- /f
  2⤵
  - Modifies registry key
  PID:5000
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 12122-27146-23237-2014-7589 /f
  2⤵
  - Modifies registry key
  PID:1932
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 29771-6875-4179-31330-2820 /f
  2⤵
  PID:2976
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d 8737-8556 /f
  2⤵
  - Modifies registry key
  PID:1660
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 13969 /f
  2⤵
  - Modifies registry key
  PID:5008
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 23363-10558-4550-3248 /f
  2⤵
  - Modifies registry key
  PID:2644
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d FS15006 /f
  2⤵
  - Modifies registry key
  PID:3976
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d 24641-32454 /f
  2⤵
  - Modifies registry key
  PID:2824
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d FS23519 /f
  2⤵
  - Modifies registry key
  PID:2832
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d 9671-17121 /f
  2⤵
  - Modifies registry key
  PID:2524
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 24527 /f
  2⤵
  PID:2936
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 15939-3425 /f
  2⤵
  - Modifies registry key
  PID:1676
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 521 /f
  2⤵
  - Modifies registry key
  PID:4724
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 22968-24232 /f
  2⤵
  - Modifies registry key
  PID:5028
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {25874-9876-26237-20842-10458} /f
  2⤵
  PID:2012
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {20821-9524-29845-19619-15450} /f
  2⤵
  - Modifies registry key
  PID:4704
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {26179-s6987-18969-24945-18385} /f
  2⤵
  - Modifies registry key
  PID:3372
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {eac2150} /f
  2⤵
  - Modifies registry key
  PID:4452
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {fefefee16571-27116-30330-31839} /f
  2⤵
  PID:4888
- C:\Windows\system32\reg.exe
  REG ADD HKLM\Software\Microsoft\Windows NT\CurrentVersion /v InstallDate /t REG_SZ /d 23602 /f
  2⤵
  - Modifies registry key
  PID:3108
- C:\Windows\system32\reg.exe
  REG ADD HKLM\Software\Microsoft\Windows NT\CurrentVersion /v ProductId /t REG_SZ /d 19362 /f
  2⤵
  - Modifies registry key
  PID:4996
- C:\Windows\system32\reg.exe
  REG ADD HKLM\System\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d 26183 /f
  2⤵
  - Modifies registry key
  PID:1132
- C:\Windows\system32\reg.exe
  REG ADD HKLM\System\CurrentControlSet\Control\WMI\Security /v 671a8285-4edb-4cae-99fe-69a15c48c0bc /t REG_SZ /d 23151 /f
  2⤵
  - Modifies registry key
  PID:3908
- C:\Windows\system32\reg.exe
  REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion" "WindowsUpdate /v SusClientId /t REG_SZ /d {29922-14134-6109-10483-7872} /f
  2⤵
  - Modifies registry key
  PID:4492
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f
  2⤵
  PID:4552
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f
  2⤵
  PID:4668
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f
  2⤵
  PID:2728
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f
  2⤵
  PID:3284
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
  2⤵
  PID:5000
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
  2⤵
  PID:1932
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f
  2⤵
  PID:2976
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
  2⤵
  PID:1660
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
  2⤵
  PID:5008
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f
  2⤵
  PID:4336
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
  2⤵
  PID:2644
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f
  2⤵
  - Checks processor information in registry
  PID:2824
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f
  2⤵
  PID:2832
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f
  2⤵
  PID:2524
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f
  2⤵
  PID:2936
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f
  2⤵
  PID:1676
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f
  2⤵
  PID:388
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f
  2⤵
  PID:5028
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f
  2⤵
  PID:2012
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v SystemStartOptions /f
  2⤵
  PID:3256
- C:\Windows\system32\reg.exe
  reg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f
  2⤵
  PID:4704
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe" /f
  2⤵
  PID:4452
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
  2⤵
  PID:4888
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:3108
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App" /f
  2⤵
  PID:4996
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App\windows.protocol" /f
  2⤵
  PID:1132
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App\windows.protocol\ms-gamebarservices" /f
  2⤵
  PID:4012
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe" /f
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5068
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:4108
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93" /f
  2⤵
  PID:4924
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\Package\181" /f
  2⤵
  PID:884
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\Package\181\93" /f
  2⤵
  PID:4900
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App" /f
  2⤵
  PID:4752
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App\93" /f
  2⤵
  PID:180
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac" /f
  2⤵
  PID:4504
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad" /f
  2⤵
  PID:2996
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93" /f
  2⤵
  PID:2724
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93\ac" /f
  2⤵
  PID:1660
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93" /f
  2⤵
  PID:5052
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93\ad" /f
  2⤵
  PID:3976
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180" /f
  2⤵
  PID:4940
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181" /f
  2⤵
  PID:2352
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182" /f
  2⤵
  PID:2832
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\180" /f
  2⤵
  PID:2784
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\181" /f
  2⤵
  PID:2936
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\182" /f
  2⤵
  PID:4376
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe" /f
  2⤵
  PID:3804
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe\182" /f
  2⤵
  PID:768
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
  2⤵
  PID:3376
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\180" /f
  2⤵
  PID:4980
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:1148
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\181" /f
  2⤵
  PID:3824
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80" /f
  2⤵
  PID:368
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81" /f
  2⤵
  PID:3956
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82" /f
  2⤵
  PID:3636
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83" /f
  2⤵
  PID:4052
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84" /f
  2⤵
  PID:4756
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a80" /f
  2⤵
  PID:4492
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a81" /f
  2⤵
  PID:3268
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a82" /f
  2⤵
  PID:4792
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a83" /f
  2⤵
  PID:3484
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a84" /f
  2⤵
  PID:1044
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180" /f
  2⤵
  PID:4508
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180\1a80" /f
  2⤵
  PID:884
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181" /f
  2⤵
  PID:4924
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181\1a81" /f
  2⤵
  PID:1228
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182" /f
  2⤵
  PID:2260
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182\1a82" /f
  2⤵
  PID:1124
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180" /f
  2⤵
  PID:3648
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180\1a83" /f
  2⤵
  PID:2692
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181" /f
  2⤵
  PID:2516
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181\1a84" /f
  2⤵
  PID:5052
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
  2⤵
  PID:3020
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:3024
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f
  2⤵
  PID:3004
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
  2⤵
  PID:4416
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:708
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f
  2⤵
  PID:3852
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
  2⤵
  PID:1120
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f
  2⤵
  PID:2704
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f
  2⤵
  PID:4292
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f
  2⤵
  PID:4104
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f
  2⤵
  PID:4980
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f
  2⤵
  PID:1260
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher" /f
  2⤵
  PID:2944
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f
  2⤵
  PID:4020
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f
  2⤵
  PID:3880
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs" /f
  2⤵
  PID:3112
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher" /f
  2⤵
  PID:4996
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f
  2⤵
  PID:1900
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f
  2⤵
  PID:4492
- C:\Windows\system32\reg.exe
  reg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs" /f
  2⤵
  PID:4108
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e4eddc4_0" /f
  2⤵
  PID:1424
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e4eddc4_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}" /f
  2⤵
  PID:4144
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\0" /f
  2⤵
  PID:1044
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000205B6" /f
  2⤵
  PID:4760
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000403D6" /f
  2⤵
  PID:884
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000405DE" /f
  2⤵
  PID:4924
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060286" /f
  2⤵
  PID:180
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000009042E" /f
  2⤵
  PID:1228
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A03B4" /f
  2⤵
  PID:1124
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A0430" /f
  2⤵
  PID:3648
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B0532" /f
  2⤵
  PID:2692
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B05D6" /f
  2⤵
  PID:2516
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C0430" /f
  2⤵
  PID:5052
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C0586" /f
  2⤵
  PID:3020
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000E03D2" /f
  2⤵
  PID:3024
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000E0406" /f
  2⤵
  PID:3004
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000100430" /f
  2⤵
  PID:4416
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001103EE" /f
  2⤵
  PID:708
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000011041E" /f
  2⤵
  PID:3852
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000012047E" /f
  2⤵
  PID:1120
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001303EE" /f
  2⤵
  PID:2704
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001304F2" /f
  2⤵
  PID:4292
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000014041E" /f
  2⤵
  PID:4104
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001703E6" /f
  2⤵
  PID:4980
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000170440" /f
  2⤵
  PID:1260
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001704FC" /f
  2⤵
  PID:2944
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU" /f
  2⤵
  PID:4020
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri" /f
  2⤵
  PID:3880
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499" /f
  2⤵
  PID:3112
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499\87f345c2" /f
  2⤵
  PID:4996
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572" /f
  2⤵
  PID:1900
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\DefaultIcon" /f
  2⤵
  PID:4492
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell" /f
  2⤵
  PID:4108
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell\open" /f
  2⤵
  PID:1424
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell\open\command" /f
  2⤵
  PID:3484
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\System\GameConfigStore\Children\03ce6902-ff58-41de-ab92-36fcaf27a580" /f
  2⤵
  PID:4144
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\System\GameConfigStore\Parents\fd13f746e7d2d69760b017363f621255c9b49ac8" /f
  2⤵
  PID:4760
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri" /f
  2⤵
  PID:884
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499" /f
  2⤵
  PID:4924
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499\87f345c2" /f
  2⤵
  PID:180
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572" /f
  2⤵
  PID:1228
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572\DefaultIcon" /f
  2⤵
  PID:1124
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572\shell" /f
  2⤵
  PID:3648
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572\shell\open" /f
  2⤵
  PID:2692
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572\shell\open\command" /f
  2⤵
  PID:2516
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher" /f
  2⤵
  PID:5052
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f
  2⤵
  PID:3020
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f
  2⤵
  PID:3024
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs" /f
  2⤵
  PID:3004
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher" /f
  2⤵
  PID:4416
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f
  2⤵
  PID:708
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f
  2⤵
  PID:3852
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs" /f
  2⤵
  PID:1120
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppXm8fs0gj5h36ynw4kq0x3gqnz6ecr1kvy\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe: (NULL!)" /f
  2⤵
  PID:2704
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-gamebarservices\AppXm8fs0gj5h36ynw4kq0x3gqnz6ecr1kvy\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe: (NULL!)" /f
  2⤵
  PID:4292
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe"" /f
  2⤵
  PID:4104
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe"" /f
  2⤵
  PID:4980
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe"" /f
  2⤵
  PID:1260
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App\windows.protocol\ms-gamebarservices\ACID: "App.AppXe655y38cadddpg1xd2b5k915wndhg5gm.mca"" /f
  2⤵
  PID:2944
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe\LastDetectionTime: F9 8F FD B6 8D 13 D5 01" /f
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4020
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\AppPackageType: 0x00000000" /f
  2⤵
  PID:3880
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\PackageSid: "S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201"" /f
  2⤵
  PID:3112
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\EnterpriseID: 0x00000000" /f
  2⤵
  PID:4756
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\CapSids: 0A 00 00 00 01 02 00 00 00 00 00 0F 03 00 00 00 01 00 00 00 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E8 41 FE 65 15 CB 86 8E 43 2C E1 30 42 2A B3 51 4E 9C 0E 17 B4 1B 89 09 98 DA 44 8D 13 6A 0C B3 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E4 29 72 AE 52 A9 2E 19 C4 FB 6C 51 9E 00 25 50 5B 64 A6 6F A4 D2 D0 57 D2 DB D7 37 F2 B0 85 AC 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0B 44 35 CF 44 6C 30 B5 4C 90 DA 15 DB 4C 09 94 5A 08 A5 69 F0 DC C5 65 02 4A 7B B9 A8 2C DA C2 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 3C DA 35 57 2A 15 FA C8 02 C1 BC 52 65 2B D8 EC C8 8E 72 9B 62 79 A8 20 65 1E 06 07 AF 02 70 0C 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 CE 22 45 27 27 B8 EA 12 11 8A 20 EF 09 19 FD 6B B8 B4 A0 D6 03 10 5B DD D6 CF 74 85 60 22 D2 CD 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0A D5 CA 1A 96 05 1C F5 5E 2C 0C CE 2A E" /f
  2⤵
  PID:4996
- C:\Windows\system32\reg.exe
  reg delete "8 F3 66 B9 86 13 95 5D 1A 40 0A 7F 52 A9 BA B2 23 04 83 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 38 B0 4E D5 42 5B 15 DF 75 ED 77 00 0E 5B 16 73 C1 5E D2 AF 68 BF 75 AD 38 35 1D 6A 1E 9A 12 F7 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 AF 37 E5 A2 58 AD 48 66 53 E6 1F 53 B9 42 0E EA 34 9C E5 B6 48 3A DB 78 9F 5C A7 33 FE 7E 97 1A 01 08 00 00 00 00 00 0F 03 00 00 00 CC 77 B2 6C CA 01 58 51 6A 28 60 81 E1 F6 0B 69 78 9C FE 8E 66 F8 8F CE 29 11 79 DE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f
  2⤵
  PID:4492
- C:\Windows\system32\reg.exe
  reg delete " 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f
  2⤵
  PID:4108
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\ApplicationFlags: 0x00000000" /f
  2⤵
  PID:1424
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins\kz2LMQg4+pNfXggv65DcWFQ9SiekWR4B4WMWT+pcqbU: 0x00000002" /f
  2⤵
  PID:3484
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins\4JSyFFDDKUMXDyK2USgAjbiksFnqOb3f8RPZBPSpEfU: 0x00000002" /f
  2⤵
  PID:4144
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins\62bDlCzxB/xxIWLkQdDRYcAqhmZhNOMUtjhRkAgTvkQ: 0x00000002" /f
  2⤵
  PID:4760
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Package: 0x00000181" /f
  2⤵
  PID:884
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Index: 0x00000000" /f
  2⤵
  PID:4924
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Flags: 0x00000000" /f
  2⤵
  PID:180
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\PackageRelativeApplicationId: "App"" /f
  2⤵
  PID:1228
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\ApplicationUserModelId: "Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App"" /f
  2⤵
  PID:1124
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Executable: "GameBar.exe"" /f
  2⤵
  PID:3648
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Entrypoint: "GameBar.App"" /f
  2⤵
  PID:2692
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\StartPage: (NULL!)" /f
  2⤵
  PID:2516
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\_IndexKeys: 50 61 63 6B 61 67 65 5C 31 38 31 5C 39 33 00 50 61 63 6B 61 67 65 41 6E 64 50 61 63 6B 61 67 65 52 65 6C 61 74 69 76 65 41 70 70 6C 69 63 61 74 69 6F 6E 49 64 5C 31 38 31 5E 41 70 70 00 00" /f
  2⤵
  PID:5052
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac\Application: 0x00000093" /f
  2⤵
  PID:3020
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac\User: 0x00000003" /f
  2⤵
  PID:3024
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac\ApplicationUserModelId: "Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App"" /f
  2⤵
  PID:2936
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac\_IndexKeys: 55 73 65 72 41 6E 64 41 70 70 6C 69 63 61 74 69 6F 6E 5C 33 5E 39 33 00 55 73 65 72 41 6E 64 41 70 70 6C 69 63 61 74 69 6F 6E 55 73 65 72 4D 6F 64 65 6C 49 64 5C 33 5E 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 21 41 70 70 00 00" /f
  2⤵
  PID:3004
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad\Application: 0x00000093" /f
  2⤵
  PID:708
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad\User: 0x00000004" /f
  2⤵
  PID:3852
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad\ApplicationUserModelId: "Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App"" /f
  2⤵
  PID:1120
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad\_IndexKeys: 55 73 65 72 41 6E 64 41 70 70 6C 69 63 61 74 69 6F 6E 5C 34 5E 39 33 00 55 73 65 72 41 6E 64 41 70 70 6C 69 63 61 74 69 6F 6E 55 73 65 72 4D 6F 64 65 6C 49 64 5C 34 5E 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 21 41 70 70 00 00" /f
  2⤵
  PID:3376
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\PackageFullName: "Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe"" /f
  2⤵
  PID:1148
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\PackageFamily: 0x0000004E" /f
  2⤵
  PID:4104
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\PackageType: 0x00000008" /f
  2⤵
  PID:4980
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\Flags: 0x00000000" /f
  2⤵
  PID:1260
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\PackageOrigin: 0x00000003" /f
  2⤵
  PID:4160
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\Volume: 0x00000001" /f
  2⤵
  PID:1132
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\InstalledLocation: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe"" /f
  2⤵
  PID:624
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\_IndexKeys: 50 61 63 6B 61 67 65 46 61 6D 69 6C 79 5C 34 65 5C 31 38 30 00 50 61 63 6B 61 67 65 46 75 6C 6C 4E 61 6D 65 5C 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 31 2E 34 31 2E 32 34 30 30 31 2E 30 5F 6E 65 75 74 72 61 6C 5F 7E 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 00 00" /f
  2⤵
  PID:1100
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\PackageFullName: "Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe"" /f
  2⤵
  PID:2060
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\PackageFamily: 0x0000004E" /f
  2⤵
  PID:5020
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\PackageType: 0x00000001" /f
  2⤵
  PID:4544
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\Flags: 0x00000000" /f
  2⤵
  PID:4380
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\PackageOrigin: 0x00000003" /f
  2⤵
  PID:1044
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\Volume: 0x00000001" /f
  2⤵
  PID:3484
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\InstalledLocation: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe"" /f
  2⤵
  PID:4612
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\_IndexKeys: 50 61 63 6B 61 67 65 46 61 6D 69 6C 79 5C 34 65 5C 31 38 31 00 50 61 63 6B 61 67 65 46 75 6C 6C 4E 61 6D 65 5C 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 31 2E 34 31 2E 32 34 30 30 31 2E 30 5F 78 36 34 5F 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 00 00" /f
  2⤵
  PID:3176
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\PackageFullName: "Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe"" /f
  2⤵
  PID:5000
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\PackageFamily: 0x0000004E" /f
  2⤵
  PID:3756
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\PackageType: 0x00000004" /f
  2⤵
  PID:744
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\Flags: 0x00000000" /f
  2⤵
  PID:1040
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\PackageOrigin: 0x00000003" /f
  2⤵
  PID:3900
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\Volume: 0x00000001" /f
  2⤵
  PID:4336
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\InstalledLocation: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe"" /f
  2⤵
  PID:2644
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\_IndexKeys: 50 61 63 6B 61 67 65 46 61 6D 69 6C 79 5C 34 65 5C 31 38 32 00 50 61 63 6B 61 67 65 46 75 6C 6C 4E 61 6D 65 5C 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 31 2E 34 31 2E 32 34 30 30 31 2E 30 5F 6E 65 75 74 72 61 6C 5F 73 70 6C 69 74 2E 73 63 61 6C 65 2D 31 30 30 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 00 00" /f
  2⤵
  PID:1684
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80\Package: 0x00000180" /f
  2⤵
  PID:2824
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80\User: 0x00000003" /f
  2⤵
  PID:4512
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80\_IndexKeys: 55 73 65 72 5C 33 5C 31 61 38 30 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 33 5E 31 38 30 00 00" /f
  2⤵
  PID:2524
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81\Package: 0x00000181" /f
  2⤵
  PID:4416
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81\User: 0x00000003" /f
  2⤵
  PID:388
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81\_IndexKeys: 55 73 65 72 5C 33 5C 31 61 38 31 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 33 5E 31 38 31 00 00" /f
  2⤵
  PID:5028
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82\Package: 0x00000182" /f
  2⤵
  PID:2012
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82\User: 0x00000003" /f
  2⤵
  PID:4484
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82\_IndexKeys: 55 73 65 72 5C 33 5C 31 61 38 32 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 33 5E 31 38 32 00 00" /f
  2⤵
  PID:4292
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83\Package: 0x00000180" /f
  2⤵
  PID:4356
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83\User: 0x00000004" /f
  2⤵
  PID:4888
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83\_IndexKeys: 55 73 65 72 5C 34 5C 31 61 38 33 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 34 5E 31 38 30 00 00" /f
  2⤵
  PID:3108
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84\Package: 0x00000181" /f
  2⤵
  PID:3908
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84\User: 0x00000004" /f
  2⤵
  PID:1792
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84\_IndexKeys: 55 73 65 72 5C 34 5C 31 61 38 34 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 34 5E 31 38 31 00 00" /f
  2⤵
  PID:4012
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml"" /f
  2⤵
  PID:5068
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\AppxManifest.xml"" /f
  2⤵
  PID:1900
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe\AppxManifest.xml"" /f
  2⤵
  PID:1960
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml"" /f
  2⤵
  PID:1796
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\LastReturnValue: 0x00000000" /f
  2⤵
  PID:1348
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\NumberOfAttempts: 0x00000001" /f
  2⤵
  PID:4552
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\AppxManifest.xml"" /f
  2⤵
  PID:4668
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe\AppxManifest.xml"" /f
  2⤵
  PID:2728
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\VolatileNotifications\41C64E6DA3D39855: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1C 00 01 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 0B 00 00 00 04 00 00 00" /f
  2⤵
  PID:1424
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\VolatileNotifications\41C64E6DA3CF4055: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1C 00 01 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 0B 00 00 00 04 00 00 00" /f
  2⤵
  PID:4896
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\Google\Update\UsageStats\Daily\Counts\cup_ecdsa_http_failure: 01 00 00 00 00 00 00 00" /f
  2⤵
  PID:4504
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\AppPackageType: 0x00000000" /f
  2⤵
  PID:2996
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\PackageSid: "S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201"" /f
  2⤵
  PID:2724
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\EnterpriseID: 0x00000000" /f
  2⤵
  PID:5008
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\CapSids: 0A 00 00 00 01 02 00 00 00 00 00 0F 03 00 00 00 01 00 00 00 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E8 41 FE 65 15 CB 86 8E 43 2C E1 30 42 2A B3 51 4E 9C 0E 17 B4 1B 89 09 98 DA 44 8D 13 6A 0C B3 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E4 29 72 AE 52 A9 2E 19 C4 FB 6C 51 9E 00 25 50 5B 64 A6 6F A4 D2 D0 57 D2 DB D7 37 F2 B0 85 AC 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0B 44 35 CF 44 6C 30 B5 4C 90 DA 15 DB 4C 09 94 5A 08 A5 69 F0 DC C5 65 02 4A 7B B9 A8 2C DA C2 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 3C DA 35 57 2A 15 FA C8 02 C1 BC 52 65 2B D8 EC C8 8E 72 9B 62 79 A8 20 65 1E 06 07 AF 02 70 0C 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 CE 22 45 27 27 B8 EA 12 11 8A 20 EF 09 19 FD 6B B8 B4 A0 D6 03 10 5B DD D6 CF 74 85 60 22 D2 CD 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0A D5 CA 1A 96 05 1C F5 5E 2" /f
  2⤵
  PID:3900
- C:\Windows\system32\reg.exe
  reg delete "C 0C CE 2A E8 F3 66 B9 86 13 95 5D 1A 40 0A 7F 52 A9 BA B2 23 04 83 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 38 B0 4E D5 42 5B 15 DF 75 ED 77 00 0E 5B 16 73 C1 5E D2 AF 68 BF 75 AD 38 35 1D 6A 1E 9A 12 F7 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 AF 37 E5 A2 58 AD 48 66 53 E6 1F 53 B9 42 0E EA 34 9C E5 B6 48 3A DB 78 9F 5C A7 33 FE 7E 97 1A 01 08 00 00 00 00 00 0F 03 00 00 00 CC 77 B2 6C CA 01 58 51 6A 28 60 81 E1 F6 0B 69 78 9C FE 8E 66 F8 8F CE 29 11 79 DE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f
  2⤵
  PID:4336
- C:\Windows\system32\reg.exe
  reg delete " 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f
  2⤵
  PID:2692
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\ApplicationFlags: 0x00000000" /f
  2⤵
  PID:2516
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat\GamesInstalled: "217;"" /f
  2⤵
  PID:5052
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862software: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 2E 64 61 74 00 00" /f
  2⤵
  PID:3020
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862user_sid: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 55 73 65 72 2E 64 61 74 00 00" /f
  2⤵
  PID:3024
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862user_classes: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 55 73 65 72 43 6C 61 73 73 65 73 2E 64 61 74 00 00" /f
  2⤵
  PID:2936
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Siloe6b4a779-bfe1-62d8-47ac-fa19e9becbbecom: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 5F 43 4F 4D 31 35 2E 64 61 74 00 00" /f
  2⤵
  PID:3004
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862com: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 2E 64 61 74 00 00" /f
  2⤵
  PID:708
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_EAC.exe: B1 8A B0 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3372
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 73 D5 4B 11 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f
  2⤵
  PID:1120
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe: E7 CB 84 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2704
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f
  2⤵
  PID:3376
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f
  2⤵
  PID:4104
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f
  2⤵
  PID:4980
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f
  2⤵
  PID:3908
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f
  2⤵
  PID:4160
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f
  2⤵
  PID:1132
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f
  2⤵
  PID:624
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f
  2⤵
  PID:1100
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f
  2⤵
  PID:2060
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862software: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 2E 64 61 74 00 00" /f
  2⤵
  PID:5020
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862user_sid: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 55 73 65 72 2E 64 61 74 00 00" /f
  2⤵
  PID:4544
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862user_classes: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 55 73 65 72 43 6C 61 73 73 65 73 2E 64 61 74 00 00" /f
  2⤵
  PID:4380
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Siloe6b4a779-bfe1-62d8-47ac-fa19e9becbbecom: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 5F 43 4F 4D 31 35 2E 64 61 74 00 00" /f
  2⤵
  PID:4668
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862com: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 2E 64 61 74 00 00" /f
  2⤵
  PID:2728
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_EAC.exe: B1 8A B0 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1424
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 73 D5 4B 11 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f
  2⤵
  PID:1932
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe: E7 CB 84 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3012
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Type: 0x00000010" /f
  2⤵
  PID:812
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Start: 0x00000003" /f
  2⤵
  PID:4504
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f
  2⤵
  PID:2996
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f
  2⤵
  PID:2724
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f
  2⤵
  PID:5008
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\WOW64: 0x0000014C" /f
  2⤵
  PID:3900
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f
  2⤵
  PID:4336
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f
  2⤵
  PID:2692
- C:\Windows\system32\reg.exe
  reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f
  2⤵
  PID:2516
- C:\Windows\system32\reg.exe
  reg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e4eddc4_0\: "{2}.\\?\hdaudio#func_01
  2⤵
  PID:5052

C:\Users\Admin\Downloads\Impulse-Spoofer\Impulse Spoofer.exe
"C:\Users\Admin\Downloads\Impulse-Spoofer\Impulse Spoofer.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/D6apastc
  2⤵
  PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcbda146f8,0x7ffcbda14708,0x7ffcbda14718
    3⤵
    PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/D6apastc
  2⤵
  PID:3900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbda146f8,0x7ffcbda14708,0x7ffcbda14718
    3⤵
    PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/D6apastc
  2⤵
  PID:5372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbda146f8,0x7ffcbda14708,0x7ffcbda14718
    3⤵
    PID:5388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Impulse Spoofer.exe.log

Filesize
425B

MD5
4eaca4566b22b01cd3bc115b9b0b2196

SHA1
e743e0792c19f71740416e7b3c061d9f1336bf94

SHA256
34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

SHA512
bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc29044ff79dd25458f32c381dc676af

SHA1
f4657c0bee9b865607ec3686b8d4f5d4c2c61cd7

SHA256
efe711204437661603d6e59765aba1654678f2093075c1eb2340dc5e80a1140f

SHA512
3d484f755d88c0485195b247230edb79c07cc0941dedbf2f34738ae4f80ba90595f5094c449b213c0c871ade6aff0a14d4acfe843186e2421ccbad221d34bf54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
709e5bc1c62a5aa20abcf92d1a3ae51c

SHA1
71c8b6688cd83f8ba088d3d44d851c19ee9ccff6

SHA256
aa718e97104d2a4c68a9dad4aae806a22060702177f836403094f7ca7f0f8d4e

SHA512
b9fc809fbb95b29336e5102382295d71235b0e3a54828b40380958a7feaf27c6407461765680e1f61d88e2692e912f8ec677a66ff965854bea6afae69d99cf24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
199KB

MD5
29dee732bb7cbd7b304bc4d05a63ed4b

SHA1
65225328f17c34ac6f5e1becd3f532558230c2c4

SHA256
f73466cfa2e3739fa8c5c10c727b8ee6168f55cf4b661ee41c289c8994c8a7cb

SHA512
478ad0744cfed7118b15490661afce696f79d61e1077afafebae97c8e362a488ebe6120f9360c2bc1ee1b273f50edaf28de591b9b38a7d743683dc37856d799e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
230KB

MD5
26f5b8aa93740dbd29983ed01e2bdde9

SHA1
bf6482ccf31ec312fb7ba5b3d283226cc3c6d39d

SHA256
41308a33bab30147dae0192ab412dc3bbc517bb2dbaeb6138b901f7723943859

SHA512
817d6fe49dfc01d8c66c902cced0a7a3dd96fcbe83063f11edeb694d2058cd8848869f96245e03a22442f0e8ac3041748e56c799f9bcb62a6085e6bb8210e2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
3.5MB

MD5
c330892cc86658275be7a69ba059d69e

SHA1
d8e8c97f0fa302afb82ef1b7b1b527f859e5a90c

SHA256
e18921a92a9cd5fa58899d6b93ecc86704300f007449330c7f7323854d24d628

SHA512
cf10ce367abb7bbfd3df678aa40fc7dedc88fcf16f9b662d74df3c8136882e69d9c1ec3a818512b2569cbb7db0f98f3752c6a35f4b54bfab19afb9a5826c5cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
373KB

MD5
05da24748ade7d4b1f443a96b46de2fb

SHA1
75c42a1a10f76c6b28150cdfc9af35688f5a2157

SHA256
44c0defc383299b6c7a1273c4f89eb7a9518d3bc6e7e769266cabc03482a8ca5

SHA512
234e29b2a1a2f2e1d2072e66547c0d9ee5c5c654cb71948cee37d095767856578efe3257967cf80b4bff30d65d9d2e9d3cc34153b594679318c455d1f01860fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
31KB

MD5
3515529e31a00838a49697baa964fdf2

SHA1
44f613aafc22b744be49a3805cdac15be1e905db

SHA256
b43ef25df8d0539b082fc44e857831dbfd052f64fdbac1d195d9ab235b155f89

SHA512
394b775c57831efbc72b5efcd282370138e397fdf5311849377960013186aa1898df2a8cbb6731c1139e673bde4364c732bc062dbdd76e09e2cb2f3ae888c84a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
68KB

MD5
98356a1d7a16d07b3d485314399342b3

SHA1
d20104328eea41044125c91e2ac56bc1a78ffa4e

SHA256
e7c764d17824ac3f7bf86bd1f4a48fd36fc18aef7292180dccf3975faa8b87bf

SHA512
32d8010b96ff580ca298b4b00f91d8b6659738b89370fe64e764d8b9cdf4870c2183966520332699895dc88effecaf189d8dd69d3afa5676d067aab35250d1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
23KB

MD5
ffddf5188364a0ab628c6902dcbd8cb9

SHA1
824c83ef3f2c9bc36ed2998df7b4278436044ff3

SHA256
5a04365863488833013da33acda0ec9e873224236128c7ccfef17322469ce881

SHA512
92c32ac8236dc2bd33c9902d3af3ded4bee8915e757bb3c301d5c5ba35bab6010f4ac7f247d4e529615d6412640b3e6ada5bab25d94cca5bdce74be4f2a75725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
39KB

MD5
caad4d94d4522475cc210eac1c604a21

SHA1
615b05fc8e95b8ef24483a20b8ca6068165ed5dd

SHA256
5c0691883f6709ca9bf453ee46bc6efd3298cd2e88d22b6e99aa415cac98beea

SHA512
6e85c9dea7be387755bcb7d03afe1ed47cfa1c7c136c0edd56bdb863e7b5c5164fb7135efe06160ef81e0f58dd3feed819af486fb51d1adb7a89ea6de3e6de04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
28KB

MD5
9efa77e8f8e1be4b06cd6248542b63ff

SHA1
f74c4d100d9f4db96e46a5081f38ca46f301a4c9

SHA256
3f08e55294e2d5f7e2e1bc9929e82f411f55c02e354ce6c27872be2aae43cf98

SHA512
f0b532df2b5f063aa3d33b40415bb3d86f7454306fb1f7771f4df144df8b8c4d4b82d74a647ba73f90f98a2bb91e520177cd0c99f3dfa72ebf41d751bd45e71d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
22KB

MD5
1d5d1b97adff2ea14cd6ec8fc5d83d76

SHA1
fcf64c801aa0d9f9f8e87124c3be80bb1ccc677b

SHA256
d7f27d5cdcc6b378456aa747983168608f938a69ed9aac3b860669528c79a556

SHA512
a2365954b8c17ac6afd07539fda0fa2d0c3207ce51c75bdf5f5bb3fee86cedee5d7e83a984b039adff3969be8f0bd31f281976a5a0bc08defdda9777c7640140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
31KB

MD5
a32a8ba45e57278edb6e1bcfd6f2a18e

SHA1
08d4cbf42b87b0935949fed4eb4b233cdacfe56f

SHA256
f706cab5da65d905da67665ee3080ee9d1cfe5b3636e7ebfa97f1c482fe8095a

SHA512
8e7c25efed2984cd3389b309e952ecf4848c39f1c19248778bebb01c82bd55d51cfe360b718bcb52fd63cd95761375b9ecb2c0c1e87a7c2ea60d6d2528c36142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
49KB

MD5
7ad973dd06d0ed01bc1db4b7727bf5a7

SHA1
79dd1dd4d15373fbedff9d36f3410c090b3bbf23

SHA256
3a1e11b4c3273b03089993cd919d5a0707c2388c97c9255c54dcafd8fd1e20ec

SHA512
407af07906f8f757a3ec89b11fa400c01cf187dc8cecff1d88ca1bf6ce1384720456bb327821b8fe6aaaa4c6281b9bfd8f3cc6f05b59efebd40b00f1e1b14e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
211KB

MD5
7a1ea406fb06f2ecd9954a8ff59219ab

SHA1
165892d38138256d7753253c918028bc77816df1

SHA256
394353e83dd8ee3023af0e5edacc0a69e200f510c6d981d181db365d12373c6b

SHA512
b3a393b7a6d63edb5fb267cd5c97c397d81705d99f435c3ef213d5262f06483d61bcd7eafd4dd24d77b5aed3acc9a377cfa6ba2ad38d0b9dca7f747c93e525b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
53KB

MD5
1f2b29432d90ff3c46109b987104a3ee

SHA1
9fff691de531e0c82053b62ff464424b324c87b6

SHA256
07e76746a5d2419cf71efd80fd74bc219291468ebe7df8355a64f8ee911f361e

SHA512
b032ea847be5595d8375445b175fc2e9ce441715a4ccc480726165fc9b72fe20e28db07375757a40a953823690ef6f523675d7553d0d683f497ba538dece1c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
289KB

MD5
e377e60c24c1337b4f7bc95e952b4fea

SHA1
7456750566f41eef27a1283a2b33b896f4e707d0

SHA256
c02a9b4c7317bbb0b7fa8d27f26284e860d58485d7eb525f1cd46d644aa2e2df

SHA512
fe64569414f5c68be4603d11619acc775224ee504e5e0155db353ceaaed7d579d6fd8a3890fd0663f16538558e6bd7ac73f833553357ecb1eac7590cfa0a4202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
38KB

MD5
ff5eccde83f118cea0224ebbb9dc3179

SHA1
0ad305614c46bdb6b7bb3445c2430e12aecee879

SHA256
13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

SHA512
03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
42KB

MD5
281bba49537cf936d1a0df10fb719f63

SHA1
4085ad185c5902afd273e3e92296a4de3dc19edd

SHA256
b78fb569265b01789e7edd88cfe02ecb2c3fee5e1999678255f9b78a3b2cc4e8

SHA512
af988371db77831f76edf95a50b9ddf1e957f0230404c8307914f11211e01cc95c61e0768d55aa4347f24e856d226f7e07ac21c09880e49dbd6346d1760b8bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
133KB

MD5
f9bf0f65660d23c6f359d22720fc55ae

SHA1
9fa19ab7ea56165e2138c443816c278d5752dd08

SHA256
426ae06cd942849ab48b84c287c760f3701b603ebcc5c9aaa4a89923ef5f058e

SHA512
436019a96e47848533684a34e3c360f516c29b2aa2473d0a05d50c0fd3ad19eac39df2de12b6ec1c6760493efb5abf58e6a54d32080226fa1765983435634d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
136KB

MD5
db985aaa3c64f10506d96d876e350d47

SHA1
aad4a93575e59643fed7617e2feb893dd763d801

SHA256
234feb9a8a2c759d00a4959506a3b9cb94c772186a2d117aed973347c7ef1891

SHA512
300d0d35ebb9e27d66489ffb3e5502a4dcd3af032fb0f672d4f004e3846fb795772b6938c99dafed6fad0c25da8412d6f6a7b0221eb2540e84527703db5b7073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
44KB

MD5
d295c40af6fca08f8e0eb5425351f431

SHA1
1d246a1e54b3a1f2428883d8c911af73eddffca6

SHA256
5d225b25d66b30563a00f395476ed701130d3f749620a63531cea09fc537164e

SHA512
9c9f23cb775244eb10f83f964b36224ad2cd5152cfa5ab82928f68ed1cb49be4156f887cc40a857b72efd0833014e4366bf136689a717dd58828a1b195ed486e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
175KB

MD5
7cf1be7696bf689b97230262eade8ad8

SHA1
8eb128f9e3cf364c2fd380eefaa6397f245a1c82

SHA256
a981989aee5d4479ffadf550d9ecff24a4ac829483e3e55c07da3491f84b12ba

SHA512
7d7c7dc08001079d93ef447122dee49abd2b7a84d1619a055ff3e7ec0009261ab6add018560bfd82ed22b29c1915bfd059f02cd83fed2e15e9af05a5d0654e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
38KB

MD5
71d3e9dc2bcb8e91225ba9fab588c8f2

SHA1
d7e38ee4c245f64b78eb18e6ecd7b9f53b3254a8

SHA256
ae99aaede2f373187a4fe442a2cb0ab9c2945efbab01cf33e01be517c0c4f813

SHA512
deda05ebd575d413aa2277876991ecc2ea238907390753485ba1b487ede2f432363c46daad5f3f240eaaf8d3258150829a3ae3d2d9c420ea59567cfd440361a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
37KB

MD5
3d6549bf2f38372c054eafb93fa358a9

SHA1
e7a50f91c7ec5d5d896b55fa964f57ee47e11a1b

SHA256
8e401b056dc1eb48d44a01407ceb54372bbc44797d3259069ce96a96dfd8c104

SHA512
4bde638a4111b0d056464ce4fd45861208d1669c117e2632768acd620fcd924ab6384b3133e4baf7d537872166eb50ca48899b3909d9dbf2a111a7713322fad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
22e7632a359f718b2bf08c631d6adf69

SHA1
50e8c75dbf43972e7d18a5e359d0ee10e0277b50

SHA256
197d3179950a3c2760f3d2a2e8b2a4c58933e37dd28731ed77c041467696f278

SHA512
500bbc95bbf2bb18a443b29ab7096152754d145459d7c49e5e024565a93a97ad4e3c569e6ee0904ebea2366fcc6e3e93d954b1b03899c286c8c2a11468ed294d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
156KB

MD5
3b0d96ed8113994f3d139088726cfecd

SHA1
1311abcea5f1922c31ea021c4b681b94aee18b23

SHA256
313818d6b177a70fbe715a5142d6221ac1a1851eff5a9f6df505670ddcd73074

SHA512
3d78c250029069e1850b1e302a6d8a5154f6e7bc5cd58f449b8824ccf418e80dba2d5569a9cff72f51ccc9de140dc91148f93ec4717f4a880e2ba94898fbdb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
38KB

MD5
7f63813838e283aea62f1a68ef1732c2

SHA1
c855806cb7c3cc1d29546e3e6446732197e25e93

SHA256
440ad8b1449985479bc37265e9912bbf2bf56fe9ffd14709358a8e9c2d5f8e5b

SHA512
aaea9683eb6c4a24107fc0576eb68e9002adb0c58d3b2c88b3f78d833eb24cecdd9ff5c20dabe7438506a44913870a1254416e2c86ec9acbbcc545bf40ea6d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02d6ef32e8d5a8b1_0

Filesize
796B

MD5
5543e5918c7268daf1b637a1e4d4664e

SHA1
6ec3d50a7eb3e66a0507afe83a7673a2606b44f3

SHA256
ca17d9a2ff1bf1985494fcbc0e2eb5e2dc9742da2f216ede01a0dcdfd65957b4

SHA512
317a0faed63c24a25a18d4a67e95bf98f9487a488d56e1db46d5feca14f05ddbfee74393bd44ad2f62a59d6c1eaf8e7b6f3636bbc47000c4b221466d347482bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10c98ea5ec9806e2_0

Filesize
3KB

MD5
3461913ee0a0f5882bf7ad7d5ff97621

SHA1
a7fd485a5479f5509b03c017adc1c574b89d1995

SHA256
87229a4b628879175cede9c348ffd69ac69d86a7a54e92a3fa0612859522afa5

SHA512
f688556801d996184b01351e0b1899fe311ec192e947902acfe64b4c05520352f9e05882ffb242cc589f3eb73e044aa9cd665ad0ac28f31831a1d9268a7fa603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\140741acdbfdba20_0

Filesize
2KB

MD5
09fec8a2ba4f2c02362c79c10de44494

SHA1
203f9b2736c493beef3e3eaf1b21fbae91cbbe08

SHA256
06a6d09ac7fa5722f893f62ee1851c84db7d5503259a48f3654ccf8292550971

SHA512
7b05528649942c67f5d0c48284e8c2ceb1e51a2f307d5b1963f0a7bbebc31659c93e385e095c2ef2c29154f4fd58d6757f6ba13da0a0d2f2a9777429eb734c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1d0e41e3c7f95e4c_0

Filesize
91KB

MD5
6dcaa85b4dbc617015629573421c5032

SHA1
adfa265275743afe98c6bbcbc476ed43491833a9

SHA256
5d477988b3e0ba89fb9d644791dde4d32bbcb072db6a596520493b33200dbb83

SHA512
8764bb8159687665da5a7491af4007dc21f96b1d543a71c35c9962221de5ce090cfff9294ccaadc820a44dc71d5cbabf39e1f13071783130bfb8bbbdfdfe50ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2493d987ecf0e33f_0

Filesize
6KB

MD5
956d085582a114dcce495d6ffc98a5d1

SHA1
9a1aea1aceb1ac2462b93ceb8980a7b47100c272

SHA256
0db443311b91e378d5574ba4611f73ce03ac492a6a524d5187f961c8d11df72d

SHA512
1ff651829b87a730256decc386c5fbaf169014b8a0a9c30a61879679d4f252c136a0707d83c1d265aa13534a4631306b5ceb96a95109d4136648f38252c0dc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28e4b21c3d8bc15c_0

Filesize
1KB

MD5
6680cb91d3ada609e0238f0294f17f1b

SHA1
8dd68e4b03eaca31203c0e587c5877c25630cd08

SHA256
dd2b35cc95542de95bb698cd41cfcc8b3420a968db0fff43e2ab53560da07eeb

SHA512
1ec2d7fe24ab15789a20db8744500417fd9f350a0c1f34b51b45e061be5d8e3bb29393d90890c7538c893fde1a6e13eb5c80fa88898286fcbdb04b950c69ada7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b33d19c309b10ee_0

Filesize
6KB

MD5
6e1ae0286a300edb0001b0297c41ac10

SHA1
4c0bc69bde6ff795afcbb214405f3db5823c4623

SHA256
24c98b57ba4b577dfc0c4e563c742be601ec6617817be6c01e1339459015bfc5

SHA512
38677b50e9cc2378eb40d5348af44f1d6d4a73159ef2c81ad75f7cdc60b2afe207353985aad4d2c7048b6ff07fbd9972cd2b92487148de9401b16a5d3e3c3d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2df15ad2ecf4e054_0

Filesize
252B

MD5
6a8a43953c4815e5410f4885b816be66

SHA1
924f20ede1ffa25588e001ea205236d1ca6af919

SHA256
144c4c5d3e7d5791db5766c00acf8c176429692b8aa5544b8e151cd7c46ec5c6

SHA512
92583493c9e19b04c45bdc63d341e56084ef2ac3eac1aa771b9820dd28e75dbe14b9e1eb3b9663ada43c86f5e520936e2f2e3aa56f64a9d23635e186190dceaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2e9e95519880f8dd_0

Filesize
1KB

MD5
04cfce02409ab76f1578bff2fec10f0c

SHA1
359cebc8ed43542e9306aee3167d4724bf7c39ab

SHA256
25c8296c5c2763adb8734ac91cc593d3f65d4de38034df247ec82d0d9f9e3f87

SHA512
2565bba0b66d85edd53f6081d22fcde37625f8ba059d71b4f45dafe8ef74c66f05cbec69b99518d2d9605287ed657d87d2ca1fa8aa968c0e3007bd2f2b526885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35d073a92bd4daa5_0

Filesize
2KB

MD5
511bbd447556540ce9f1c91a5ae31fa0

SHA1
01144b21fce091bda2c8d5d1435d981e8db381b3

SHA256
c2e2fd7c0f20fbc75d64f5291ffe2e784b7124cad0f8fe915079ff820acd7d9f

SHA512
d9f3acffb3517b00ddd4d0dea735504dd5402d3f1605cd31cde7c5db9c548b988e03bb3ef14718a7ef02fd225c7744ad27e98a5cce91358287c84d7e2787094a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\36616d191e8d1eb4_0

Filesize
10KB

MD5
b1922af7cfc0e15a2d80961ab4d3fb7f

SHA1
c8d7fb0a1de6b11d31bb391cdf34dfb0c0565e00

SHA256
915aaaaec5a3df58f167031eb8658fe190d9b657ed0d18eb6ef71a5cc556cfe0

SHA512
e1fcf7e43c06f5b7bc94e49d23ed3590633aed76bd5f3587ea087e87bac6aa731cbb21f08d1c5b32027354f03baa6f0c2ca82f0d22ca4b7f8db034aeb9f167c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\36e1163cf293b890_0

Filesize
2KB

MD5
bd233e3d13d22ff621838fddebcc97ed

SHA1
2b44a0a0bec00215eeebfb13c54265a1ca2f7793

SHA256
7f5a456f64cdc05ec523fec846c0986969cfb79c6e308d8e8dc9555e964baad2

SHA512
47c249d92f1b89cfe3b576c1643701798ab3feaacc426cf2148bfc6d6804f18c297e3d5d6fa8262778bd0ab83d1ffed9d5208f146f9e5e74be1746d9e90a99ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b093e056e12ef0f_0

Filesize
1KB

MD5
c6913f5dec101cc9709bd19b139bc7ae

SHA1
1c4bd714ead127442815a79262c5dfd9bd0600bd

SHA256
8c1f109157726049994c75161948c7a8f04c40746e19202eca7e15c34b497d92

SHA512
fe9ca81004b15c32afcbbe44a357d2211dcbdccf62ad4b62fc090efa9a71490959e92fb826e0c1d10cc52d593d46429055c91f65f4af03f418d9c3ca744b16ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ed57e996f940e88_0

Filesize
2KB

MD5
ade4b3f50b0c9e9417592f835479f798

SHA1
32e8f7d52debedfe26a0914012640b7144409362

SHA256
67d4b679c92a60454c7f924567e6218899ff8958e3d3bdb91afc6f9f01a3626d

SHA512
ce8ff6b52dec468ca225a69d28a7f24d0ec0cf734dc220a0adb32a205f5cacc95d33c0616b1d9477e568f2b50a85f0f6cc0f27e5280af033f930ad73ed90b173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f130fbaab0ed19a_0

Filesize
1KB

MD5
2977627f0ef4a9f7f3d1add96ba9e28e

SHA1
bbc90b0d4cfc786a3422df674edd4935709261ef

SHA256
1f6b05510ce6d1f8e0921c16147c8304b6bc1b43b8498a12aac684c0fea31a56

SHA512
5043269ece250114ac98dd359a6ea4e92489b1f5051f144c805cdef82ba6b72311f8bdb4c6b7056878b06ca7d8d9eb780852a43ee6278b1fed31e0042dc130d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fb98d030ca09faf_0

Filesize
3KB

MD5
de7a059ebfe93fbe68ffa7e2e358b419

SHA1
cd6b4126126d57b0f06394b58d7418d260fd1f79

SHA256
7f9ecdff80214df7a67e497db3c02434f7de29c7702b1321f186283ea40939bd

SHA512
cdef5450e9c454366a63307c637a592fc64259880f9bd0a99246e0f1d17e2073e3bdd8bb5929f38cc84ccac7820766936a563c56534f61e7bd9be7434ffe8d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\404824f2b202be0c_0

Filesize
2KB

MD5
85dc289e5ec17cdde997cd9ffbc51df2

SHA1
d20f464ea84fa83cd00e6f5b9c55df24f3f28087

SHA256
2685e1acce835c64f1dd91404e07040b26202399bfc82dbc94f11dba3792a6b7

SHA512
6f9421d13ba0ff22d14d84c9f3d33cd4bec2a231ef85e0d99f14840b4bbeb4e6d15ff0d8547f740648ea126ceb25fa36e97ea2a7ffc62ae63e35b7a30c7c0ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44f10978fa7a5cb9_0

Filesize
2KB

MD5
5d0e3bf3d50adc32dee5e2d6ad6273f7

SHA1
a814e6ca9750159ea4875cf8e29eabe5b2a95e18

SHA256
434fa7d0c3315933937a783dc44023e4ac151a5f6d78a0a8b99801ff51f12dd4

SHA512
5f55c68ab43d16b3b17db41d8e7c26aa28a9d43928ee049354730486c558473c7293ef30880ec640ef6f02a9828e8f0a878d21dd5dc6c8e350dfdbeefb3b167d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47bab7f78058fea8_0

Filesize
1KB

MD5
7fe818e76462e5d6253ce5bbad015484

SHA1
7e4f3fff579c700a0ba9a7694042c32132db9a8c

SHA256
85436e0fac9bb4f33629bf4a065b60bee88d18698f0ac4c3dfd3189c1d8d9dd4

SHA512
176c2db87459f22e0999cc81a7903a3ec20aed65b0cc9351b6acab09d7c1308670d0d239ebdbcfd93d0f0406c3df36f2dd5a1a738cf9977c8e2cd3cb21505bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ee372df9f33cf07_0

Filesize
1012B

MD5
95b6f48737f8f95a3ef60694f2e3a993

SHA1
23841cec633c889c15c9645c2645ae8eb9b64b87

SHA256
e07b569c72a171ca2e49059bf8b31603919aa117117bb1c030d245f060e48aa0

SHA512
9076b10fca1024f00dca4d0ebb7106a5d8d62e0ee8293ae16d99b4403da9fed317d503c45b3bef98e96e3fb21f3fead29f8ad6fb4bf2e6abd3a6abef02bf01db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\52197e476480749d_0

Filesize
259B

MD5
5e01125cf44707d74f25183c96645f71

SHA1
b18e2078bacf843420ce5466bd6e8f40a939f61f

SHA256
146653e6607885bfe30b9d02e326aaf2f53bf86d271eb689f22c8409f6de2464

SHA512
113c8d0381ee4c0dba9fc56b0dc483b1b9296122b13ed66f52f5ad7100981c3689061446b3803e130101e4f653f5e9141b569f36e6f72cb99629a2b901f513fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5cc34bee5da4cbbb_0

Filesize
9KB

MD5
589061a512a7b41ee481e36eabb56633

SHA1
fd81777c6c832ea8567b3f004749b6abfb4a7985

SHA256
6306ae328d09ce42e72463094644b228a7e6041f837337c9ae83d53e8f196e72

SHA512
09f9b95b141faff743172ef2cca3fc1944578111014ce1fa164c7c054b261ddfae50c733958173956ad6ba525613370ae4ef027e64ca061cd9a3b87b23a190db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f6c82db18fe5c91_0

Filesize
12.7MB

MD5
1ef1d9953a7eab23d9493d14d0f776f3

SHA1
b7b34ae57d3053550c3bace950a2e17ffc2fe2dd

SHA256
e774962e053d6a4b0b362002194e33a3ff81a2c102afe45dc2bd359a5b5ef372

SHA512
43b5110ebcc0fe412fb956e1977648972901be0102cac4ec0de2776b9550f0d6b3defcbdc89f1a178701cc5352add08094bfd0a020ec24e1dd5991ec5f5cfb94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63dfa7d60048aa63_0

Filesize
132KB

MD5
a24f252383ac070027f864fe345302db

SHA1
71529cc862d5b350ee09329de5ae26d191a605a2

SHA256
c43f7f46a03b9e1ab9074b76d9371c6cbcc705e90d829e2877f3bf51769e7096

SHA512
7e18f00f51b6bf0e8678bddb0aacba58edc34d9cd70fa720b6a14a8c91740424f286375333d91b50e94f0130787920a08de932a680e1f109da54de1a92eb690d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6559446428d94127_0

Filesize
1KB

MD5
624b527274a52bffe7ddb5b5093d0918

SHA1
947f041accdb29723fe7b412e325d741eca406fd

SHA256
f1de894134cf879f91ff7e24a8b2779bbe8895ad362cbc51530eb8a404b10901

SHA512
94555166827189f34a2342eb732b2ee7ba0e37c72cf904b166fa9ec5ec88f63b87c000b505b6217e56b5586bb9edf2bb84ebf28f2243fa9cbf53fa06ddeafb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65baf26ef368efee_0

Filesize
1KB

MD5
41e12d19768b6543a7884be94c593e06

SHA1
5706c2f7d342fe413a18bc25469e7bed5531f935

SHA256
2949e4acf2bb4225f063252c40b85f275506161347d31bc2dc16d335bfd44208

SHA512
1fcd0d5dcb9e84f59aef4bed8ad3c753deb6ff6a2e06e0495ebefde4357ed729d923fd9ffdd9af6cd8e963f6e52757b6e6b0fb10f1e07e8a2edf35dea0c9966d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c3b6d96b4abf357_0

Filesize
13KB

MD5
7aad35c3a1d49b0e7c0d0aaf9cbab99c

SHA1
d458de1e8f2423d76282353c4038a27ab332e141

SHA256
ad188f84b53d10d7171fe1481200bc3d7e6b05aecf179859ba178fafc3f9aadb

SHA512
77c4cbfee1a638cc368c2bc4d3ce4966b8338d145d4d1fbaf916c3670cdf79247732d55678a8626581900b782c375deab3f0cd7190497d095dccc21cfff880d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c590444ca55278c_0

Filesize
1KB

MD5
53a945956a022e25831651425b3f5246

SHA1
9280a283c017dcb3b4b68258c530a70a5acd5aa4

SHA256
e4eef30b6281c38d7da400e6b1475afe0b31659d388730166d31c7b06df88e00

SHA512
0df9b26c951964a1a53e641552cc70526c385f0950bd12673d3631bc304b66cccf78071123aff7e209769f0dfc18a0c1e51fbaa7a46204704bbb04aa094b25b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e4d847f97845b01_0

Filesize
1KB

MD5
267668b775e3a27c754a142b599c2aff

SHA1
997f61f3b1902aea43bdfeff3f7bc74866e21df1

SHA256
99aab16d39dbf84422a19281878d4a7f873dcc9744f72cf3f678dff339aa5ebe

SHA512
3e615c6eee3ea5122767bfad33ab53777280a52b57ea3dcb72b643210a712345be6eb6621dd04675d695383b2e62e827e885730e5fca7dc99ea791607b5b94a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e6f83fbe3a275c0_0

Filesize
1KB

MD5
913308e66231eddfede3d5fa4a298e93

SHA1
48911fbab993b4e22ee771407e473232e8569383

SHA256
ccbe1599acfc5563a2b832392584d4c4ef96bc2101ac846c8664dd7f5e71e54b

SHA512
f783bc961bbca2c4ef2dacaf6e96a92ed6f365b515d5a678771473e1424f9e30371a67d503e65e71af93ec6a15480b325f9560823cdb3c9def5cec49be70f790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f824be133605cf3_0

Filesize
252B

MD5
277fd4f7b5a2755caccddfb6c1e8fb07

SHA1
29528ecd20e0be1468da627ffd02e2a9119c33f8

SHA256
62227f86fbf16b974e5a9ec0d7ed303cdffe88b5d21de05fd1e1b6114ce75bc1

SHA512
82f92b42ce47f6dff010226f62a85a8f15f0551d67fb6570e4818cd5a0c0304ec1cf561f6120528a27434d50e2997ed06af1985da6c63227f5a69a4c553565bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\75fe421005bb142f_0

Filesize
2KB

MD5
0f0bb3c91f3c5611fac9b5f62117fcc2

SHA1
f5f59159077f4169880cf6c7c58adff8a2f8c181

SHA256
14846b58d302fd0ff515e0420758554e1a35e5c595f43109398b42d8968a0d5f

SHA512
c5ee37cb7607320ab1a18bbafec9776586242e8bcf52b039114dfaa7929ab8c3e33d08b4f672ac893b3d87a73a655d59f99f33eb5acc2d90f23900f3d3eeb930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\811b50912cc6daba_0

Filesize
2KB

MD5
30349225e9db06123f23e3a3013df53c

SHA1
c080ee04de95227171a3a5634d954d660330811e

SHA256
a29446b21b3bc7e6e00457a379b38184cb7390a54d67fdb39404c3268db923f8

SHA512
a04687f341794e67cc420da502f8aa0645738ea1b3d5713fad89ab8203c44275cd8435301d8b1d93e3bb18315e6fd11f51cd2dfe6336e722c75cecf97868b127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\85433060aed8ed65_0

Filesize
2KB

MD5
04f53ccb26b039cb953773a46cbc2401

SHA1
14a1e0c9bb5525c522b425a32759bd896410867c

SHA256
a6ed9d9821cb87deb8c3c532fbc29c636b005585d73323487c6aa1a04704d5ab

SHA512
8d41a756421be3b65f8c3aaa29c8cd740b0ec3245b3f6ba8449b36c2a0d4e6c2c0763447e23c4785734af24380f1954a8992d727206418339283acf576eb1649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8732cd2b7c5e4f8f_0

Filesize
60KB

MD5
720e7b5ce34bf95b27f57875f9ba8552

SHA1
757e22dcfb652026e17039edfb643bdac40c9815

SHA256
bd69879846e35495486d0635f49227c1a25e2e1a0a556272ef08bd1cf180a5bd

SHA512
dd530a9546ed121d90d873ac22e2ffe2bb83114d69aed6c154107d2ef214427eb4f7b168145863b8d0da91d44668ba167ecff6816aba38a6b74cdc06f1a6c64e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ad71b2cd2822f80_0

Filesize
1KB

MD5
1258dde8eb8f281abbca6b738348380e

SHA1
5e1ab6fa33c1e4c3afdcb1bf84aca2a093320277

SHA256
f602da539f2f866e0fd73a032576000a9382619bceea1222735697cd4c5f2100

SHA512
9fee4993202d0320e46f2e565e1bf89fac68984dca6ed5836667d7296f88793e729e51b80c8663253ca855f6bfa88ee0d73048e0f90fd59727a422e9b9929c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ace6ee64b2b2865_0

Filesize
1KB

MD5
9eff334041a36e7eb0c5b55a4c3860c8

SHA1
f50bad3e1e26fdea95fa9d681209011794d47b80

SHA256
e7c6ad3e910cb4cd3ca0c15930bcc05c69442e5db78adfc5d685edf533678286

SHA512
af99615162bc4cd3385afd505ec2672ca77e9ff1d76e57b55deca28819992db608aa49681e7d58f41e555dd0a84e110278d33c633a228abe5e1d736246f4ba3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b1e19042ae9d9b5_0

Filesize
12KB

MD5
8ce7995537fcf9d5d70d2c2538b59bb7

SHA1
027cb2fd7d1993fa36995c9beb00513bfc76fe8b

SHA256
a88d529fce2499feadf55802d1c418e5cca3422616fa75910b762b4a1b9cefa6

SHA512
362fbe23e8ebc4b697e78e5fdc96efa441e87fb857d945593616f177e9424fcc9cab6acb2b3097eac8da9c321474a6d219220669b7117aa06d8e1e71104450a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b72207035589b83_0

Filesize
1KB

MD5
0622bfb33b044308993c755e7cf27cbc

SHA1
6f391d968356f745a5175bda73c0ea00389a4062

SHA256
3237f4999de417b6161a35467054f781282d2945698296aa2fa67fe9bdccd2f6

SHA512
537204c0edf50e25f1b346394e2beb5125a8bb874bc4b5e769f3e013aab63a4d63b07ca818b4ff0cb14c19d51bd918d14c9b4256754d4fa013daa11a42eb173e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b7cc8f7879bcfc4_0

Filesize
2KB

MD5
631b084da9b0fa4d720a67ceb502bdb9

SHA1
aac25745ba68948205edd2f86185e7ca3d461d6c

SHA256
5f7676445523360bc7161dc9a716a8bdc2c044399154a8384b1fbabdc445b1bb

SHA512
75d5884b6c06c502326b633d94d0b25ce0764f588094ee9f0fa0d049f0be03c86be895f30518ee0b6bef9f9f04f6d6453c661ee8db0a8a1113f05646fbcb17c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ee9596f8bba819f_0

Filesize
1KB

MD5
044a1e79ca8c36090f16f36008e8579e

SHA1
b49fe677d1c71ab33271460d11b591bdabbbdacf

SHA256
8cd75eb681969208c2766119692570e6f0ed2b3930c5a596fcd4a36d6d2d46e8

SHA512
daaa658066338f32bd499391fc810a7fdd1b074a0adac66c9caf48256d169caa8771694156b284951476e707f2a945c70355df26405eb224b5c4bcfa27d61d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a3f097f3d946d5ef_0

Filesize
25KB

MD5
17bbcdb669d890b27d8762170b275463

SHA1
f56f08ffe79e6987257c07feac066f4966b18470

SHA256
ec60806f64936b51a39c0906ceeef1a2eb41429d02d6c709dd95e3ee69ffc0cb

SHA512
f34988cb347fbcca17bb51bc515acde3111f98358eb667a5751dcadd4853ab1c18e8bc242b310e819e33b4c7776ffc29293a178b398c04fc0a7b9d3a5449097d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab26dc6183eb4712_0

Filesize
6KB

MD5
91834e345edd24574ebc38fcbd45b489

SHA1
8597e484269ab05ef4e3250f6dfe774bc097d346

SHA256
859c2b0096dd6e9828122d0d9f05a5756e16918ce14a35b0b908ff12eef9e9c6

SHA512
769eeca0a381c5f5a983f9d0df846184d44672b66357facddc5f643cd60cc0dfae6e9d85e1cd0220f9929608dd56c20fb7f2710a435b9e5c006e3907f58134be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3b18e70f37a839e_0

Filesize
900B

MD5
d3ccee43f38a49fc3f3aa1141f59dd6b

SHA1
878bc4ec6e52c11d4eb4d7d9e1c0cc9cc8a0e495

SHA256
1090074bc42c407fe775a9103e71d058fa82cb06394dec4911fb65054c468bab

SHA512
89c12412b9b215354d73e73bf25e47599a7097d49ecec1070a0453a8904c55cb61f509448182ccf285f8fd730a509e7a5b4e083fc3720d063e8dfe5b070e0b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b86fb1d2f3b1cc1d_0

Filesize
13KB

MD5
22487567b96008b3da6d1097a997029d

SHA1
612d12d22f13b0e1e2eb33e60730486577f19411

SHA256
9e009b08b55b9b19ef1a533fd6ff377ffb15855f95366baeafc14034a42c4e22

SHA512
7298daf2f4787eb78d5576e666fd7eb9561f96056780a99d32828711558856b231d77ed693f6ff1e96dec73dba0bac730e742fb71e9aa6de37b131d9dd26200b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf39af0ad4f35b77_0

Filesize
3KB

MD5
9f318ca8563f7a7559e41a5eb9d2d6de

SHA1
88f91da9d52490e72f6149c262e558cc1aa64a0c

SHA256
63f88155333d5de101e69bb3fcf00ef020cc11a79ac0416a35809770e2d6a69a

SHA512
7fce5486bed7c3ccb6ba12680105f4f0bd3ddbd66d05b7b6abbd73160c2e40ab15a7577d45b0197511ac8caa3ae975afe07a31f6ed680fabdb629c59a228df36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4cb4db0eb59b511_0

Filesize
1.0MB

MD5
2eaec34c7ee18f08d18b999b75a43213

SHA1
df58fc4302d1c7ebfdae5aa81c871c7e2470aecf

SHA256
c79097eab2f68a1b64e7189ee2a24343b84232ad4a21dbf938b7f8e58abb1328

SHA512
88ac2717e901c83a65f5a960d9dffc5ac7f11e570f3bb570ab93505cd6b5d226c6b53da16bdfc6223fb15d25f98c0ad463acebc18b363d6428a8b1ec88c18489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c60939697ca1902d_0

Filesize
2KB

MD5
51c337d566e37e0616fe8319237a1f14

SHA1
d1e18cbcf0ac9d482a6e02a5f0254371b443d267

SHA256
3001cd1b50150acd7f174d6778b74c62130634e1c8ac56330e5db79e96b3f1ca

SHA512
7e5a9e21a22188d0553029f84bf8c5461d13522408fcaefe81380488995da9ff73d09ff015ec07ab2677a9601a3aa906198a56e25a714afd1082bd52e61632c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c8a3e90e95e74793_0

Filesize
1KB

MD5
142a9416c6c3a16379bc07e4343ec009

SHA1
f53071f0d30e8836dc151879ef3fbb5d9560df27

SHA256
8efb4ea3d1f81808ba0a7c2bc135bc4c782dc1a27ed588105b904ba201e837d8

SHA512
f456c3fff9403d85d581a8aa71057d1ec74ec84f378ba4bdf6ea408b2fe546eeb23194eb74c899e5666ab327c2b7522986b9a40d8e6b39f00b2e77d414cd7224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca8a673c2c057895_0

Filesize
2KB

MD5
fd2afb90afd7f300d151eb271ef92e6e

SHA1
530e16bd8c8fa842ac6adc9432a86d64ae4fd789

SHA256
7bd57e456f98db59a6c09f96e9a45b5ee925a175c3e43ccbe0257a98e305081a

SHA512
8a19495226ed822915c2e2e309c5df8ada005ada1196dfe81dd949f03a795fc4a77e203b8700b9583f00ca3e542c46c6597b4f12fa852ad7d1fcf367eca5dc5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc02c75a2c396cc6_0

Filesize
2KB

MD5
fb1290bfb6ce63c15f5a3a7522f9992c

SHA1
9ccccf0cc9178a1b96ae079c217de913707900da

SHA256
0d104975b824daa6ee37cba18c34e845cad76e2f76a706878fb94d4ac6c2dff2

SHA512
bc764830389eb1270f073ecdb1007debab2a51a898963fa3b56fa5685e1b677611872bc18a6d2de29e9c9cde683e21a9fc0f68ebc2fde7a6efc46b8f73ced9d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5d6b1f9e52541d7_0

Filesize
1KB

MD5
8f376fa48b2fca18306ec2a39a7b4a08

SHA1
b3e8f02c5b29a736590e5f34c3d46aeaa223655c

SHA256
a4ed9158df788dd329fc8ed7132af6a43a12400bfe9355fdaa7ef37eb396b311

SHA512
dcd26f124e5c924c82b6138c075c285e80839f305b19e3e95f909daf166c88d1136b5c703e1738650f3d5e536b202118595e5bf9acda1432abd3d510101a902a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d70decd486de1156_0

Filesize
1KB

MD5
b204bc9286a5bf22b10d63127ce95d92

SHA1
7d131b6dc7b862ef963a240dd60a8244a6e57aff

SHA256
6bd33597a8a53664f28b9f4462ba8c921153e5ae948715a263aaa0d19277d258

SHA512
acec6fd7c4ee5fa56c659f63d35876486777454844924013a82fb644bbb30a2409b30cd77a94210311a19afe884c478f79cd5f725371279e2276dace1a8101f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d85274bb81138c02_0

Filesize
1KB

MD5
05ae43c17b7a8769dd02db20feb46aee

SHA1
81191efcfc6143ec35e95cfe2fb28d206843b43e

SHA256
74282d8a8f42b28720684941c73f9953c694eeeaa5e0944873d6d15b3b93efaf

SHA512
d2d55a589dce0625899d3ddc4e26dff908698713d08cf3defb88c0e8e8dd9bfe09bb9854957c9342a68a1bff6b2a7406e18fbe231419348dd4497b26558288eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d90862e5e8580ac9_0

Filesize
1KB

MD5
bc5f5b3e5cbb7586717f9393cd249274

SHA1
b8c7f4ed2c99db65a680f1e58813479df07922aa

SHA256
2e4702a2cd9dcbac7e1140d83fac340abfb5dfac74f3d01d63498c450bfdadcb

SHA512
0f1d9ba7f77e7778a72bd322b25d78a8de04b3fad4614d96ed2c306527ca2958b592c7fb838dd5cb714458dc01a2fd6b4d0e3182a2fa672ca4e3d514ce4862c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da4016f0c4fed090_0

Filesize
40KB

MD5
01056f28fa82941525367b0dae97a2c1

SHA1
314440618ef400f3852c98949f117982d87a09d9

SHA256
a09d61d012e30aacadd5290889700e7ca77a18c963eb5ab7ad58dd9fe9a1735c

SHA512
21980069e04cd58f63b233ae74d81b374f6d4e7e9162876edd9a02cd3a5b9d03a5cb824535b366d673f33499d23c4a2a113e8c53a5054f555442ae39c56aef39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dabbc2621b33a24f_0

Filesize
4KB

MD5
26a23951c9d99777c8989e79da854664

SHA1
e49a40f1e8005c17dcd89eb43f08f2927e223dc7

SHA256
6b11a161e34d79a733eb395b76fba00e84e9b500f45c574c3f28dedfe804c59d

SHA512
1ec51a245d5dfc05d30b6702736f127fd7ba62fdddff21522313173fa4f56b538e1279721a1c9ca6505a7517cea067a2b22bb98b13277745938193c975269187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e258d5a0193d71d4_0

Filesize
3KB

MD5
cf650e5df9ba34c82825ae71af4fab71

SHA1
800f8af900d0d5c2e9845677298fbe5f7ccc40ca

SHA256
51d2a36999bad6d13822d72e1f052c1dd3a6ad924686b40f24da8256be92b1e0

SHA512
031451c48d82de863f651b304551105471a92d61fa06563b032488e7a322afc5e45378667eefadd2fd3524327a1e5eb817d28633e06f823e1c85f83be35b7eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e6f623ca94aeb3e0_0

Filesize
1KB

MD5
129ec8a821014697a6791d042316dafe

SHA1
4ba16557326d5240d4db04ffe6581f2b873fcd0b

SHA256
414f5c3ab853dc2db630e56665ba9ec2323f9570265e41832a108890bcf37ab6

SHA512
e0b206f84bbef897999c6d1a4f043a79d79c289d8a1f8a39558faad6e2f9427d7ea1535ff8d287a70c1b4ea26591092d3c5051749491267a330e85703c964791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eafd32115290a92c_0

Filesize
2.2MB

MD5
c91fdf77eed714c8191deed242b4f36c

SHA1
6eb0227a8867dfe9b0cecb97b87bfe04aaed4358

SHA256
021fb324b7951ced606a22d31ff58d8742d1003c29845249b717d3873d4ebb78

SHA512
f034bfccf161aba4590ea455cae6d5d38d3925672a172da8b348102df5f7a98323e27f25204981326bcdd5c802fbeba266f3e7e54695f0af7bf4de56d8ef5371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb85dd71facc3882_0

Filesize
263B

MD5
244d888a77a575b16444d71433d44f5f

SHA1
ed8fe52830c155c30809fa6b8675505e3bab6981

SHA256
f04e496d49cecc66ede9633774d182474938408b62c1e9396cbed15bb072f104

SHA512
5c8c27862f2515b61d4436062c72b3d33f5e8212558f0b6113b458b816cb1b2c4e578ce5071a18c7a1ba86eb2821af7fb75dae77c50d6aa43471ce2a78225ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2a8a293d07e5c40_0

Filesize
2KB

MD5
aa861f976d5736eeb277957e10cf1022

SHA1
023723a81a516045c873f65eeef0df9188755b40

SHA256
52ba24ea64d102785377a1e73b158b07afc4ec2b175520964288c970d0c06896

SHA512
6b28c53e9f7f827756ddf6c22309cfe8a6b3ce3270f99d3dbc4555892087a69a1251ed356770499ce152669d921ff477ced2fd524ebbeb7fae49d4da078dca92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f770e0a93494b508_0

Filesize
252B

MD5
8859392dc4c4d1f8c5ee6bde4d465779

SHA1
a79eb10940b1af8366d6f61d8e62a0869d2a9545

SHA256
d869ecaecf04b50489a2f89722ab4fe5438ed3830c0d8b9be76d2d296510354d

SHA512
3f9497ae562725130bc7738100cd8f109aa7feff80d254d88c2bc03c5d743d84ed324b49bd2305c749dbe67f2c8b485cc90ff6ee99c2795fd1f22a1ac1574318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6cb87230e6e9ff02d018434bfe928286

SHA1
c93ce3680610db2d1bec754648f5dfaf22b93392

SHA256
b200cd128990fdc88354bcc88f9452b6e714fbc5fae751e0f69ccf24dc54c94e

SHA512
5712a600aaf0bd438fd9652ea8e9af1fcf9027713d95648c0c0f3f914ade35bbe8fc9a017909b849344daf26c5d83729a47f9c1b9633b302b4a5d308714550fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ceea8a713d7bbba33ba98bb410ce178c

SHA1
a8be97feddde877e4e8dfd5591f897d7dcc3d506

SHA256
2973e3f97100ab2d6abfdd8a85d1c02b37ab96021436afd2d8e1091d111619d3

SHA512
9435648bcfe4efb8eb85a3a7cc2d181e810dc8ac154a3a2321bb606c02cc54693a97851469ec1e693d2666b7d59cc42b11af0a5f51e0ee19a5e029220d1fdc5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
68e5a8d3c454cdca806662ce423230c9

SHA1
cb16fb623413504c797cfb47f56fc48ea2e3d599

SHA256
910ca9373e6faf154676ad5f2397075ff7128d45c16caf580f1c5456390e3801

SHA512
6afe6aa8de9824d45cf546e4bcd45cb1e755f747ef47a616d8effdc36e012c8c273ad307dcc6b0cbf03c92c26efe2e0cdcd917206ba9bc935c7f35c3f0fec66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8e162f30c6e17b517a5e0db258129637

SHA1
be72ccb77d61d127a13c9f698a42cd6fe6d1bd68

SHA256
d07f6dd75ec4f7af8f4ab5c57be6c4662dd98153872377fd8add4e7c64a1bfe6

SHA512
ae4df0d3a5c7b1467af44a6f44d58e3bfa1afabd83a76c41736eb0666ed65fd497de6a4d395e5fbe852f185268140f71d044855835efbc8f397cd8d2fd150075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1006B

MD5
17d1235ae92aa7b2ca6927ef8066ae94

SHA1
4febd746da6c79754d5f3b1c2e23438695e6c860

SHA256
de4a5e2db60092357f8190bfef959c2e422fb334dd00fecc9a6eff26e7f03cd6

SHA512
7f5df5eb4fd0da4030f9399871799b4cf62d84bba7759355275fe3fb6c2419a76ce327a541dde49864df61a774e4b05368e685137890615e709907a32f2d4257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
26aa153f9bdcc4f3ea5c36c066b8f2d9

SHA1
de8ad805fbb2ee1c6387b9aaa883fea656576e25

SHA256
6b891e42a617f6456aafb8808a371ce171907bd9037128c151b9f0b731496152

SHA512
313d24f55d9451d18c96ed71d02c58c1a181c942a4502f87f9eb10eddbc4e2616cc323e070f880c5bc03fffa584e3d8b5645e1c676f801bc64c43237829a9e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd6e88ff5d4bf222357d007a1bb37cd7

SHA1
46160016fbf6bccb7f36a4aafe8bc3b2904ac924

SHA256
f0d96a7ceb1964d32f123fae7d95b1289270c3b77361164e18597a8d49471cab

SHA512
0c8eac37d50dcceb4cca67476a71510d96f2984445d8569d48c860879dd08184fc6624e008ec0c8e0f812bb5467b46d68f5406fdd26f6363bb198b05b185268b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf80124c4c587d401a6d2ea773e26526

SHA1
781cc008782bbefce2d3837ef03fc2297a7c7296

SHA256
0b91d6a82c7585bd19fa6e29b084dd21c86961384b2d8abff7175969c4fa2a34

SHA512
019530abed30238ac6ab6401ee558630f5a92615c90628fa8a4134c67fb2b49d8e84baacb58acd711055470c7ca6532643b7d42ad45e50c713053b8b3db6d7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7eda2e54f61537b23bffba4bb9e152b2

SHA1
ddfe2a50860aea0ab8b828ed0d9116f88a7b8117

SHA256
a2228d01b1320af76c607c107125b5b3347e3b1cec6a8cf432e53b9b321327d7

SHA512
d876015cd2f3e3c3ca8a5acab7c299c3192fb9f3158003026913cdfcadb184c40d98c1fa1ef22f036fecef1aa89e3208d2b70a1314f39b73949bb9d3ed2f3767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
081f701de204c94984252bac765e31a9

SHA1
59fdaaba1689225baa0a34364fe181d04e969b89

SHA256
10f90b493888353742a45e9c381899be2e4cc3516d0bd99ddc70d96cfdd0c0c9

SHA512
c504157d26b2bdf1933abaf6818a4aea9fbdcae26583f425009b85b2411c46cc1883d74f9c42f9e1d35c697f4fb1970e45aec052ab08f8bb30f07d32bd4a2702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25f6ee70ba4120b8cde113cb86de4e83

SHA1
965699870ba074e0db90167aaa631da401d04a3e

SHA256
1c27cefd2fc1e841a39195154764644a257da543ae88a2fe5e3f7aa2ee4b5e66

SHA512
32a2878d06312a1dc9cabfaaa24ac8c5e84a1d62fdb23916468c3530643fcb675e4c0628c2f0d22db06a0dac74176279a8e9b3273f067f25e55b3cde9ce4dc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
85d81dd6a7e30b0070193b870482ba05

SHA1
01000f82b5ab12977a09964d078382c5977da701

SHA256
2164561bbde845a034ea7db790e40f4e466652ca39d7872fc9dab7e1bdc2edbc

SHA512
256100378ad9120f62f31ae2f560d34d412314f3d02d83849dd7711dd331c65f0911f8bad747d71e9e57b53b0448a9c52f96a02f47328ecac505e8bf4aef42e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a632591f615b08875607d2a3198ead40

SHA1
dd5084596d731bd5c4c98cfd4483701165181df9

SHA256
5c75fbeedabbc376cac498dfc5457d2c10329370bdedb09e8b5a6fb41e31110d

SHA512
5a37f7dbf6e79880edbf6568f30105f03cbbddece628b42f9388317832b237ff5f6f79292501bc269525513ea1c6249e2006d709ba626e1c3da7fa3640748186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c686aef1b6e7b6f0d6f1f885886b082c

SHA1
0355a5bbffd849a8de06a20942e4a6bcac0272fb

SHA256
f59d57407905ed9a66b05d23e5ba4e71cb5632930986b49437f506081701526d

SHA512
3ac7cccc117a03453c94c09e42d5bff6b0f956e2fb214bdf2d69ceae9991821fe28c4a94dc6fd730d9024e6a140288bc4169bd58195e4b5869356919a4b1e205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
43a31209afe823cae248b174316c7865

SHA1
19b14e006dfec906dcd952a627ddf63a0bf33336

SHA256
482a914d90864dc8baa18ac44815b069835d3d337c2e36fc1070bc0bdcb122dd

SHA512
0350b9c79609909c54428eb086568da5b32a379189d237ad0116f5ddf0f4c18ffb945ba85f1af1772255a1bb8df98617d6c12608b1bec1e62e47047adfeb3fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9a482d410efc44bee4b997c9571813a

SHA1
d9e5d24dc5145b62101fb4f4c49452929a4e0241

SHA256
afb6e33d33590b48c66df90a86fb0b117d3785335774b0d44c08c684fb2d2ff4

SHA512
0694e335750bad97d895e17a28257fefaee75a85589de400455c03b3a1bf1cd428f5aa6345fac87bc892f8170c6bb51298ad4cf179610fbfbda8ffdf5bef0416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
791b9a4ea89c273463118731db390ac2

SHA1
8e9407e1e397dff59955e3a442a306113ce7b93a

SHA256
fcdb1f0a6fbdf662be723609766466c259382d181f843fce8cea76fb2fb62d88

SHA512
08cfec9784dd4bd320154c25c9f9a1975abfb443f44b6d403bbc3917c742097691a996e9e65b0b98dd62350bcb82031a8928677faa908d19f602c166cea035fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a563ab15bd3bf302fda7d61fc622112c

SHA1
6c56b6921637a5f72d0512ec58a18d286f23c533

SHA256
458ed5e70b6d846d9c057305e5caa18c1f0ae18cad1e3f6855ee919082501074

SHA512
65c755d05f97939bf4bc57f7e3aafe55cff27b21adc89b3f3324acd8cf6704a94411c083d3161987e9e35cc44f2c82652de42d77b3440c9c23ced0e75aeddf39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d64a0815b24710bdfa01a15a0e6b87d7

SHA1
a43684756cb41ed8b7ed04b395f6875e989d4dae

SHA256
b9549e51632fc4b2c57af2412cee1816c858318b386c306056fcc82e980af1ad

SHA512
7591ae51d4d05510584bfa16c344018bfb3db645720eb0cc089d1f375fe8058b911167f2fb38d19d89f0ef3c84b68867cd65b775837bc5aa731a6bbe01b357cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
078b79840c04725584a35adcd4b223b8

SHA1
7b86cc2a40f67990bd909b34b2c82406a4fd2108

SHA256
95fefdf87f18feb818bb047114c6bdb5ddc9f02e82120ebab2d7024f812e3fb1

SHA512
da7022a68063c67c6d1ed0c0080456c834cbd92af7c5a37462f8a98cdfb52dfba312456731f9cff02e8e0475bc6d71e4bfcccd630c99b71add0bd0aa49cd3363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b33f100b5636b1bfc03a197b4fb32d1f

SHA1
141342da0c1fb872791c162efe2443e3ef7d5824

SHA256
16464abda6749701bdf4533d92377d7ee25e47b2b90b287063b4b1ac06bf9103

SHA512
c6d2fbd6a97fd5f6a7bf20ddd3b002ee708a861a5c3f9d8b3c4da6875fe1ed14eb8b6ebd85849adbfd4332a9cfd6041dfa6447dbc1f047a72bd0553d1898f6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fba6.TMP

Filesize
707B

MD5
b2be86c7e584334f55f49e5bbe623edd

SHA1
bdecb5d82c2feb7e11d93bcfe9e74c9964d531dc

SHA256
fd240a36fc71ad2c81c1cfdd384714bbe98a0833f6e29814beacc4fb293fdbe3

SHA512
cd3a44990bab87a3aca7b880688423cacf375de453042528692755955cadc8e89b1cab5647906c73e19301b7b1951a515c48035877afb6ca6ff65513b7755920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
26279a41894576b923ae4fa3fec4852e

SHA1
5f354a9c7b7c6d54273dcdb812296634c3477632

SHA256
8ec710cd23130877811d8b91b92729bb3dc5d1a6ad65e3524bde7a303d975c78

SHA512
53b2f0308abf39de32bba790a5155b5e35cb8313b0b7d02e839b4d7c5032daf68a4610187a2c56c26afcc59d45bf23df8e484d93696aad75b69ef8cecd4c085d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8bcc7c9d7fe28daf14dd51ba5fcf6cc7

SHA1
7f8dc6aad4062967b6c9fdd5a858a13f552542ee

SHA256
a40b6ffc44d29a814e95224befdfdd3fbc0612178a581bb1702c3e0e69b3468f

SHA512
2e9d3c9941fde83e84dee3149cb78dbafab6ff7c56e51732039dc3f1000174582486d3c16e98abf593fb0526085afdcf7b616d3bb8b15bcd9e6a0aa5b6cffc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d35c76df754d828865810fbd12e5fd87

SHA1
9c5186f427755791bd2c37e54974e7abf5745da6

SHA256
023380c97a90f2bd0a404db60a70b27b5a71923340f44180bfbe0171471e4199

SHA512
55bfc4da5dc9238495f1e22dde055fa5a63d976fefb9d9592aebc9572b38fdfd5a8792a7f6078b0da8109598405a313b977fccbe238d2e0fee057fe9df68268a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7acba24aa6669d06c40fae4c18396481

SHA1
826460256c6d6535fc6b2dcfb6d99ca22c91096f

SHA256
d55589309246183b12e47f27523f2e7fb29df54f835110c241b6dd2358d3acef

SHA512
97dfc08070469f0e27b326a0731bcf53564839dc1176ad588660ed19cdcb88585e73776ddda3fabe3bdb2b6fd3f545eac1d12807918c4d8d41866fedcaf73c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dd712e0f61d9029edd3611cc5ff67b94

SHA1
975908045ca501717e830ef5951b2604cbf42f9a

SHA256
744489bdb3f6669c5626bc082f1139779e43818ced8ea95b57483477d00c1b61

SHA512
2bbc5298f994f612a2dc98400e540ced9ada364462a34a6e99d148a4ece0a7667ed8a164bfdbc89af2be9ca56025858076d3b99e3b4a451de1f6b430ac18007e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7949eee645a0ed5b4e5d614a6427340b

SHA1
2a3fc05d949ad1aabd436852f4f5ed4eefc93711

SHA256
9988bec11f744dea59d72ff40b2b1ea469b92e49d40abab6dec9fa046f6132cc

SHA512
e15b6a8817562132c41ff7d352d438e7ae5409fcf3079f7550fc405ce86ebc6f402bf5c54fef135a4ee3fabea82688fbf2f19295b02659debf5eab7632d4b560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4e0360f2c0142b4ffaebb216726646fd

SHA1
00be15cfc39be9ad5973b8beb0117479f31a885f

SHA256
641ce29797033d5dfb95aa0c8a7a5771f9d5c98ae61666b04c427dac91557b57

SHA512
2eeb199d351a6f933845394c05b363a2b9fe4b4135a2b3661c50a4c7574a3aef5b9128f4071ebc21ca5afc8a4baa307667e3addefcade4384b3e3267bdcfdacb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b0d9e8aa3dfeb2dd6d7720c2873702eb

SHA1
02304dec70765c50101de71b524ee83bd153dbea

SHA256
e7cfbb2c4dcfbf37a4c8de3bafd7b4f9157ad6f6656298e5fc69fc4b7ddae53b

SHA512
ee1b615273cd6cd8699570da617092243bb58540ee71304c0ed194704bde654aa3583eff8e36b50848330fcc627b3368d13d6ad22c32706c1fff0680ea65e420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
15f738f8c4d295c9f11b2f6b66dfc891

SHA1
f78c8ebdc16bdd3e5c147e8e367bae1f605b43d9

SHA256
178a86d73d3a3d38d47e7eb68095ef0288d2d1d11535c10ecbde38f6c528dcb7

SHA512
38c04aabc3a02817562d98b8c7eb398e5a827c4d117dba79e79ddd64bdd76d73ee75e4d29236ad5a1314ce834b556c3988a539a6017d790e58aab8e301cfdfd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
15300d79d22e0763e4693c81ae01b516

SHA1
8b134bf2ace2d2fc03de26429d88e42736bfa062

SHA256
8786bdd27e25c26476334e38aeafe3d07aea9ecc1c8c8b5630c06a71d2671c76

SHA512
a070a9e84e48ef023729d30362b3cc4e31bc4ae17bec32719c44038aacb05d1fdb34cd4fde70fd47d73b0a5aa96cfabef027601595e0a569a89b40763e163dac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d1b472331bb05c838ebad4bd02c5e772

SHA1
e31689a1c23c6756c50d47df6243e85896c1a496

SHA256
5b7e3b742e9339d09e31c9f7196d3b4aaacffa40c1626f90fc3c1013031dbb9b

SHA512
518713d13b6f6971bd451055ef1f53ee3595b4df5388b8ce7b8fb476ec5cadb76128a42b413c4ecc34113d2df2224039fd560d57dbec78593a1c1dca1985714e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7cd68d99d8729bab0be32623f38d9531

SHA1
9423db9a7b8ccd20a26e783a786d1925b1eb5589

SHA256
1f0877daf01fe28194d97473849b86ccdbb30271b98d01a0bebbda21a9d98d5c

SHA512
5f7720549ed5c5648e3f81433cf6c026beeb4da0924f3782991b710a22062b1cbf15f6920642dee56f647ca16035b5282220d717349abc7072b578a228bc01c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
dff76b01ccd0c32edd74da9bb0477cf4

SHA1
522976bcd10010b043801d36ed181bcaabd5fb40

SHA256
a750496aa2184996a49afbf44cb088b7a64e7e5fb2bad07dbaa773fa0798a6ec

SHA512
8807d79eca00462d044da567bdae04b7ac163769575a9c59ff96f4710f169e01ddb2c2d2897a683849bdc75a6f6ad664dbc43954b29153d31170a4c311298711

Download Submit
C:\Users\Admin\Downloads\Impulse-Spoofer.zip

Filesize
312KB

MD5
671fbd4ba6d567b8b3d978c9daf8cd7f

SHA1
ce588c4911a9e97353e32b0142a9469ff6bd2fed

SHA256
c025027d1d3ae67891c143692afd994f8f8f6470651991169247f3e49b8cfadb

SHA512
a57876f5a05b231e316e0f001727f0e9c9ac4c099f2564a9d27701306acbb42f2b225718e0ddf2bc6a591863aa51ce9ba541666cc41797852424197af7b72d16

Download Submit
memory/3140-339-0x0000000000680000-0x0000000000688000-memory.dmp

Filesize
32KB

Download