3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

Analysis

max time kernel
866s
max time network
867s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
15/04/2025, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Geometry dash auto speedhack.bat
Size

13KB
MD5

4e2a7f369378a76d1df4d8c448f712af
SHA1

1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
SHA256

5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
SHA512

90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
SSDEEP

192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

Score

8^/10

bootkit steam defense_evasion discovery execution persistence phishing trojan

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
184	2320	msedge.exe
1007	3916	msedge.exe

Executes dropped EXE 64 IoCs

pid	Process
1064	MEMZ.exe
4764	MEMZ.exe
4480	MEMZ.exe
2716	MEMZ.exe
1904	MEMZ.exe
1212	MEMZ.exe
5452	MEMZ.exe
3036	SteamSetup.exe
4612	steamservice.exe
5532	Steam.exe
1656	steam.exe
10676	Steam.exe
10588	steamsysinfo.exe
10764	steamwebhelper.exe
10800	steamwebhelper.exe
11004	steamwebhelper.exe
11852	steamwebhelper.exe
12084	gldriverquery64.exe
12152	steamwebhelper.exe
12260	steamwebhelper.exe
13380	gldriverquery.exe
13424	vulkandriverquery64.exe
13500	vulkandriverquery.exe
12408	steamerrorreporter.exe
13088	steamwebhelper.exe
16728	steamwebhelper.exe
17196	steamwebhelper.exe
18484	steamwebhelper.exe
19204	steamwebhelper.exe
6112	Steam.exe
10736	steamwebhelper.exe
10760	steamwebhelper.exe
15884	steamwebhelper.exe
18444	steamwebhelper.exe
19284	steamwebhelper.exe
19508	steamwebhelper.exe
22080	steamwebhelper.exe
22084	steamwebhelper.exe
23960	steamwebhelper.exe
23936	steamwebhelper.exe
24744	steamwebhelper.exe
7320	steamwebhelper.exe
26100	steamwebhelper.exe
27436	steamwebhelper.exe
27680	steamwebhelper.exe
27548	steamwebhelper.exe
14488	steamwebhelper.exe
14444	steamwebhelper.exe
3484	steamwebhelper.exe
17704	steamwebhelper.exe
23056	steamwebhelper.exe
6444	steamwebhelper.exe
9124	steamwebhelper.exe
9624	Steam.exe
8444	steamsysinfo.exe
8824	steamwebhelper.exe
8392	steamwebhelper.exe
9308	steamwebhelper.exe
7772	steamwebhelper.exe
7868	gldriverquery64.exe
7688	steamwebhelper.exe
12704	steamwebhelper.exe
13084	gldriverquery.exe
13756	vulkandriverquery64.exe

Loads dropped DLL 64 IoCs

pid	Process
3036	SteamSetup.exe
3036	SteamSetup.exe
3036	SteamSetup.exe
3036	SteamSetup.exe
3036	SteamSetup.exe
3036	SteamSetup.exe
3036	SteamSetup.exe
3036	SteamSetup.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10676	Steam.exe
10588	steamsysinfo.exe
10588	steamsysinfo.exe
10588	steamsysinfo.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10800	steamwebhelper.exe
10800	steamwebhelper.exe
10800	steamwebhelper.exe
10676	Steam.exe
11004	steamwebhelper.exe
11004	steamwebhelper.exe
11004	steamwebhelper.exe
11004	steamwebhelper.exe
11004	steamwebhelper.exe
11004	steamwebhelper.exe
11004	steamwebhelper.exe
11004	steamwebhelper.exe
11004	steamwebhelper.exe
11004	steamwebhelper.exe
10676	Steam.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
11852	steamwebhelper.exe
11852	steamwebhelper.exe
11852	steamwebhelper.exe
11852	steamwebhelper.exe
10676	Steam.exe
12152	steamwebhelper.exe
12152	steamwebhelper.exe
12152	steamwebhelper.exe
12152	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
12260	steamwebhelper.exe
12260	steamwebhelper.exe
12260	steamwebhelper.exe
10764	steamwebhelper.exe
12260	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
140	2320	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0313.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_045_move_0150.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_swipe_lg.png_	Steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\downloading\228980\_CommonRedist\DirectX\Jun2010\Jun2010_d3dx11_43_x64.cab	Steam.exe
File opened for modification	C:\Program Files (x86)\Steam\logs\connection_log.txt	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0511.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_l2_soft_sm.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r2_sm.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_korean.txt_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_triangle_lg.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_p3_sm.png_	Steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\downloading\228980\_CommonRedist\DirectX\Jun2010\Aug2009_d3dcsx_42_x64.cab	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0335.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_lt_soft_lg.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_up_md.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_click_sm.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\logs\connection_log.txt	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\noisegate-audio-worklet.js_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_emoticon.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\dlc_installed.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_up_md.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_turkish.txt_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lt_soft_md.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_swipe.svg_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\htmlfindbar.layout_	Steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\downloading\1721470\WindowsNoEditor\Poppy_Playtime\Content\Movies\Intro\Poppy Playtime Intro PTBR.mp4	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0323.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamclean_tchinese.txt_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_lb_md.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rt_soft.svg_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_l.svg_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_down_lg.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_r2_soft_sm.png_	Steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\downloading\228980\_CommonRedist\DirectX\Jun2010\Jun2010_d3dcsx_43_x64.cab	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\avatar_32blank.tga_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\support_flag_top_hover.tga_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l2.svg_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_r2_half.svg_	Steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1161040\bd2b709a08caf7286f73c51d3b3937667f7aa053.jpg	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_swipe_md.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_gyro.svg_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_l2_soft_lg.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l2_lg.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_down_lg.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_ring_sm.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_up_sm.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\2348590\header.jpg	Steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\downloading\228980\_CommonRedist\DirectX\Jun2010\Nov2007_d3dx9_36_x64.cab	Steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf.1752177358.tmp	Steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_android.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\steamdeck_left.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_color_button_b_lg.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\confirmation_positive.wav_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_status_vr.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_swipe_sm.png_	Steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\946010\header.jpg	Steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt	SteamSetup.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber12.tga_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_right.svg_	Steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_dpad_up.svg_	Steam.exe
File created	C:\Program Files (x86)\Steam\appcache\librarycache\1840\a2ac9b9bfd3f560f48d184c90f4e6baaaa4bd92a.jpg	Steam.exe
File opened for modification	C:\Program Files (x86)\Steam\steamapps\downloading\228980\_CommonRedist\DirectX\Jun2010\JUN2008_XAudio_x64.cab	Steam.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping240_1047010774\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_208796449\Part-ES	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\bnpl\bnpl.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-ec\cs\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-mobile-hub\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\Wallet-Checkout\load-ec-i18n.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-hub\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-shared-components\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-shared-components\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-tokenized-card\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-tokenized-card\it\strings.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-fr.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-hy.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_1899203587\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\buynow_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\Notification\notification_fast.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-nb.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-hub\cs\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-shared-components\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-tokenized-card\pt-BR\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_1626617456\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-shared-components\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10764_1720004853\manifest.fingerprint	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-sv.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_324156883\edge_confirmation_page_validator.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-hub\da\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-tokenized-card\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-tokenized-card\zh-Hant\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\wallet_checkout_autofill_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-en-us.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-shared-components\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-gu.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\app-setup.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-hub\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-hub\th\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-mobile-hub\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-mobile-hub\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\wallet\wallet-notification-config.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\bnpl_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-ec\hu\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-notification-shared\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\wallet\wallet-stable.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_208796449\Filtering Rules-CA	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-la.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-hub\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\wallet-icon.svg	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10764_1720004853\manifest.json	steamwebhelper.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-en-gb.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-hub\zh-Hant\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\wallet\README.md	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\Notification\notification.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_208796449\Part-RU	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-ec\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-hub\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-mobile-hub\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\Wallet-Checkout\wallet-drawer.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-sk.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_208796449\Part-NL	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-tokenized-card\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10764_1720004853\_platform_specific\win_x64\widevinecdm.dll.sig	steamwebhelper.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamsysinfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamsysinfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Steam.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Steam.exe

Enumerates system info in registry 2 TTPs 17 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891847849762942"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\ = "URL:steamlink protocol"	Steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	Steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	Steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\ = "URL:steam protocol"	Steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\DefaultIcon	Steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	Steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2627618461-2240074273-3604016983-1000\{FF23DA65-FE35-4562-AB1A-BA51E215B058}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	Steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	Steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	Steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2627618461-2240074273-3604016983-1000\{ACDED9AB-8091-4FF4-A94F-A402A685182B}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\URL Protocol	Steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\DefaultIcon	Steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -- \"%1\""	Steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\Shell\Open\Command	Steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam	Steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\Shell\Open\Command	Steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\DefaultIcon\ = "Steam.exe"	Steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink	Steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	Steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2627618461-2240074273-3604016983-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe

Modifies system certificate store 2 TTPs 6 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Steam.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe

Runs regedit.exe 1 IoCs

pid	Process
4316	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4764	MEMZ.exe
4764	MEMZ.exe
4764	MEMZ.exe
4764	MEMZ.exe
4480	MEMZ.exe
4480	MEMZ.exe
4480	MEMZ.exe
4480	MEMZ.exe
4764	MEMZ.exe
4764	MEMZ.exe
1212	MEMZ.exe
1212	MEMZ.exe
1904	MEMZ.exe
1904	MEMZ.exe
2716	MEMZ.exe
2716	MEMZ.exe
4764	MEMZ.exe
4764	MEMZ.exe
4480	MEMZ.exe
4480	MEMZ.exe
2716	MEMZ.exe
2716	MEMZ.exe
1904	MEMZ.exe
1904	MEMZ.exe
1212	MEMZ.exe
1212	MEMZ.exe
4480	MEMZ.exe
4480	MEMZ.exe
4764	MEMZ.exe
4764	MEMZ.exe
1212	MEMZ.exe
1212	MEMZ.exe
1904	MEMZ.exe
1904	MEMZ.exe
2716	MEMZ.exe
2716	MEMZ.exe
1904	MEMZ.exe
1904	MEMZ.exe
1212	MEMZ.exe
1212	MEMZ.exe
4764	MEMZ.exe
4480	MEMZ.exe
4764	MEMZ.exe
4480	MEMZ.exe
4480	MEMZ.exe
4480	MEMZ.exe
4764	MEMZ.exe
4764	MEMZ.exe
1212	MEMZ.exe
1212	MEMZ.exe
1904	MEMZ.exe
1904	MEMZ.exe
2716	MEMZ.exe
2716	MEMZ.exe
2716	MEMZ.exe
1904	MEMZ.exe
1904	MEMZ.exe
2716	MEMZ.exe
1212	MEMZ.exe
4764	MEMZ.exe
1212	MEMZ.exe
4764	MEMZ.exe
4480	MEMZ.exe
4480	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
10676	Steam.exe
12712	mmc.exe
10764	steamwebhelper.exe
5452	MEMZ.exe
9624	Steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
28316	msedge.exe
28316	msedge.exe
28316	msedge.exe
28316	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe
240	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeShutdownPrivilege	3308	chrome.exe
Token: SeCreatePagefilePrivilege	3308	chrome.exe
Token: SeSecurityPrivilege	4612	steamservice.exe
Token: SeSecurityPrivilege	4612	steamservice.exe
Token: 33	6080	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6080	AUDIODG.EXE
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe
Token: SeShutdownPrivilege	10764	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	10764	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4092	msedge.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
3308	chrome.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe
10764	steamwebhelper.exe

Suspicious use of SetWindowsHookEx 61 IoCs

pid	Process
5452	MEMZ.exe
10676	Steam.exe
5452	MEMZ.exe
5452	MEMZ.exe
12684	mmc.exe
12712	mmc.exe
12712	mmc.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
9624	Steam.exe
5452	MEMZ.exe
11360	Calculator.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe
11360	Calculator.exe
5452	MEMZ.exe
5452	MEMZ.exe
5452	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 4512	1424	cmd.exe	79
PID 1424 wrote to memory of 4512	1424	cmd.exe	79
PID 1424 wrote to memory of 1064	1424	cmd.exe	80
PID 1424 wrote to memory of 1064	1424	cmd.exe	80
PID 1424 wrote to memory of 1064	1424	cmd.exe	80
PID 1064 wrote to memory of 4764	1064	MEMZ.exe	81
PID 1064 wrote to memory of 4764	1064	MEMZ.exe	81
PID 1064 wrote to memory of 4764	1064	MEMZ.exe	81
PID 1064 wrote to memory of 4480	1064	MEMZ.exe	82
PID 1064 wrote to memory of 4480	1064	MEMZ.exe	82
PID 1064 wrote to memory of 4480	1064	MEMZ.exe	82
PID 1064 wrote to memory of 2716	1064	MEMZ.exe	83
PID 1064 wrote to memory of 2716	1064	MEMZ.exe	83
PID 1064 wrote to memory of 2716	1064	MEMZ.exe	83
PID 1064 wrote to memory of 1904	1064	MEMZ.exe	84
PID 1064 wrote to memory of 1904	1064	MEMZ.exe	84
PID 1064 wrote to memory of 1904	1064	MEMZ.exe	84
PID 1064 wrote to memory of 1212	1064	MEMZ.exe	85
PID 1064 wrote to memory of 1212	1064	MEMZ.exe	85
PID 1064 wrote to memory of 1212	1064	MEMZ.exe	85
PID 1064 wrote to memory of 5452	1064	MEMZ.exe	86
PID 1064 wrote to memory of 5452	1064	MEMZ.exe	86
PID 1064 wrote to memory of 5452	1064	MEMZ.exe	86
PID 5452 wrote to memory of 2092	5452	MEMZ.exe	89
PID 5452 wrote to memory of 2092	5452	MEMZ.exe	89
PID 5452 wrote to memory of 2092	5452	MEMZ.exe	89
PID 5452 wrote to memory of 4316	5452	MEMZ.exe	90
PID 5452 wrote to memory of 4316	5452	MEMZ.exe	90
PID 5452 wrote to memory of 4316	5452	MEMZ.exe	90
PID 5452 wrote to memory of 5272	5452	MEMZ.exe	91
PID 5452 wrote to memory of 5272	5452	MEMZ.exe	91
PID 5272 wrote to memory of 4092	5272	msedge.exe	92
PID 5272 wrote to memory of 4092	5272	msedge.exe	92
PID 4092 wrote to memory of 1328	4092	msedge.exe	93
PID 4092 wrote to memory of 1328	4092	msedge.exe	93
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 2320	4092	msedge.exe	94
PID 4092 wrote to memory of 2320	4092	msedge.exe	94
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95
PID 4092 wrote to memory of 3320	4092	msedge.exe	95

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Geometry dash auto speedhack.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:4512
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1064
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4764
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4480
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2716
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1904
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1212
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5452
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:2092
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      PID:4316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
        5⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:4092
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ff854ddf208,0x7ff854ddf214,0x7ff854ddf220
        6⤵
        
        PID:1328
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1888,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:11
        6⤵
        Downloads MZ/PE file
        Detected potential entity reuse from brand STEAM.
        
        PID:2320
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2328,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:2
        6⤵
        
        PID:3320
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2432,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=3140 /prefetch:13
        6⤵
        
        PID:3004
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
        6⤵
        
        PID:800
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
        6⤵
        
        PID:784
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4816,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=3436 /prefetch:1
        6⤵
        
        PID:572
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4984,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:14
        6⤵
        
        PID:3908
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5004,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:14
        6⤵
        
        PID:4648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5368,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:14
        6⤵
        
        PID:5868
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:14
        6⤵
        
        PID:4452
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5772,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:14
        6⤵
        
        PID:6064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        
        cookie_exporter.exe --cookie-json=1144
        7⤵
        
        PID:1624
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:14
        6⤵
        
        PID:6116
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5916,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:1
        6⤵
        
        PID:784
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:14
        6⤵
        
        PID:948
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6720,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:1
        6⤵
        
        PID:5932
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6240,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:1
        6⤵
        
        PID:1916
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6244,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7000 /prefetch:1
        6⤵
        
        PID:4580
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7092,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:1
        6⤵
        
        PID:5884
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7080,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:1
        6⤵
        
        PID:5804
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6936,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:1
        6⤵
        
        PID:332
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7196 /prefetch:14
        6⤵
        
        PID:4992
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4956,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7288 /prefetch:14
        6⤵
        
        PID:2444
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7348,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7044 /prefetch:14
        6⤵
        
        PID:1300
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=3700,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:1
        6⤵
        
        PID:4016
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4636,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:14
        6⤵
        
        PID:3880
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=3576,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:1
        6⤵
        
        PID:5744
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7712,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7724 /prefetch:14
        6⤵
        Subvert Trust Controls: Mark-of-the-Web Bypass
        NTFS ADS
        
        PID:1588
      - C:\Users\Admin\Downloads\SteamSetup.exe
        
        "C:\Users\Admin\Downloads\SteamSetup.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Program Files (x86)\Steam\bin\steamservice.exe
        
        "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:4612
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8464,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:14
        6⤵
        
        PID:3216
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=8592,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=8584 /prefetch:1
        6⤵
        
        PID:4276
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7340,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7020 /prefetch:1
        6⤵
        
        PID:2936
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=2784,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:1
        6⤵
        
        PID:27876
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7316,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=8984 /prefetch:1
        6⤵
        
        PID:28028
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8796,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=8804 /prefetch:14
        6⤵
        
        PID:9640
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7376,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:10
        6⤵
        
        PID:4856
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3744,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=8204 /prefetch:14
        6⤵
        
        PID:6260
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7272,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7776 /prefetch:1
        6⤵
        
        PID:7200
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=5080,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:1
        6⤵
        
        PID:7408
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=5436,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=2840 /prefetch:1
        6⤵
        
        PID:9392
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=8776,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:1
        6⤵
        
        PID:9416
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=5196,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7288 /prefetch:1
        6⤵
        
        PID:9584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=4668,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7212 /prefetch:1
        6⤵
        
        PID:11360
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5900,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:14
        6⤵
        
        PID:13916
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8864,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:14
        6⤵
        
        PID:14692
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=2076,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:1
        6⤵
        
        PID:14888
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=9160,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=9168 /prefetch:1
        6⤵
        
        PID:16176
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=6456,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=8324 /prefetch:1
        6⤵
        
        PID:16248
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=2720,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:1
        6⤵
        
        PID:21096
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=8828,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:1
        6⤵
        
        PID:21120
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=9080,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:1
        6⤵
        
        PID:22736
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=4872,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:1
        6⤵
        
        PID:22784
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=7212,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:1
        6⤵
        
        PID:25068
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6608,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:14
        6⤵
        
        PID:26084
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=9364,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=9328 /prefetch:1
        6⤵
        
        PID:27652
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=3484,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=9440 /prefetch:1
        6⤵
        
        PID:27780
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=8284,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:1
        6⤵
        
        PID:10140
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=9648,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=9668 /prefetch:1
        6⤵
        
        PID:10228
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=9764,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=9416 /prefetch:1
        6⤵
        
        PID:17624
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=7216,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=9736 /prefetch:1
        6⤵
        
        PID:17740
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9548,i,2473492284636324475,12032807573230541451,262144 --variations-seed-version --mojo-platform-channel-handle=9500 /prefetch:14
        6⤵
        
        PID:6784
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        6⤵
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:28316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x218,0x254,0x7ff854ddf208,0x7ff854ddf214,0x7ff854ddf220
        7⤵
        
        PID:7472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1648,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:11
        7⤵
        
        PID:8316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3448,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=3444 /prefetch:2
        7⤵
        
        PID:8292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2164,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:13
        7⤵
        
        PID:8356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4272,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:14
        7⤵
        
        PID:8604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4296,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:14
        7⤵
        
        PID:8600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4296,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:14
        7⤵
        
        PID:8768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4788,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:1
        7⤵
        
        PID:9256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4796,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:1
        7⤵
        
        PID:9236
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:14
        7⤵
        
        PID:7588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5388,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:14
        7⤵
        
        PID:7596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5796,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:1
        7⤵
        
        PID:9896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=4892,i,5739757783260233645,12609743520967871171,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:1
        7⤵
        
        PID:11172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        7⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x254,0x7ff854ddf208,0x7ff854ddf214,0x7ff854ddf220
        8⤵
        
        PID:276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1772,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:11
        8⤵
        
        PID:12440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2084,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:2
        8⤵
        
        PID:12460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1924,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=2624 /prefetch:13
        8⤵
        
        PID:12540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4216,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:14
        8⤵
        
        PID:12924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4512,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:14
        8⤵
        
        PID:13092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4512,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:14
        8⤵
        
        PID:13648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4880,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:1
        8⤵
        
        PID:14800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4888,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1
        8⤵
        
        PID:8340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:14
        8⤵
        
        PID:5632
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:14
        8⤵
        
        PID:7064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5940,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:1
        8⤵
        
        PID:15092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6152,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:1
        8⤵
        
        PID:17900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6348,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:1
        8⤵
        
        PID:17976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:14
        8⤵
        
        PID:18548
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6552,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:14
        8⤵
        
        PID:18556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:14
        8⤵
        
        PID:18596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5524,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:1
        8⤵
        
        PID:19908
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5356,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:1
        8⤵
        
        PID:20096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=5080,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=2688 /prefetch:1
        8⤵
        
        PID:20252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6832,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:1
        8⤵
        
        PID:21188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6932,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:1
        8⤵
        
        PID:16592
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7076,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=2612 /prefetch:1
        8⤵
        
        PID:21392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5760,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:14
        8⤵
        
        PID:5588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7132,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=7296 /prefetch:1
        8⤵
        
        PID:21728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6284,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:1
        8⤵
        
        PID:25768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=2480,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:1
        8⤵
        
        PID:25932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6888,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:14
        8⤵
        
        PID:26628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=764,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:1
        8⤵
        
        PID:27260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7264,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=7648 /prefetch:1
        8⤵
        
        PID:27392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4464,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:10
        8⤵
        
        PID:28216
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=3832,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=3192 /prefetch:1
        8⤵
        
        PID:28500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6052,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:1
        8⤵
        
        PID:8000
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7704,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:14
        8⤵
        
        PID:716
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7756,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=7300 /prefetch:14
        8⤵
        
        PID:424
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7328,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=3076 /prefetch:1
        8⤵
        
        PID:7016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=6056,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=7432 /prefetch:1
        8⤵
        
        PID:2884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=4020,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:1
        8⤵
        
        PID:1552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=7864,i,10310752974614851642,6045977094026553510,262144 --variations-seed-version --mojo-platform-channel-handle=7948 /prefetch:1
        8⤵
        
        PID:1784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        8⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        
        PID:3368
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x29c,0x7ff854ddf208,0x7ff854ddf214,0x7ff854ddf220
        9⤵
        
        PID:4404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2052,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=2016 /prefetch:2
        9⤵
        
        PID:2096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1732,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:11
        9⤵
        Downloads MZ/PE file
        
        PID:3916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2384,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:13
        9⤵
        
        PID:22804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4348,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:14
        9⤵
        
        PID:9484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4192,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:14
        9⤵
        
        PID:3504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4192,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:14
        9⤵
        
        PID:5956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4828,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:1
        9⤵
        
        PID:23128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4836,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:1
        9⤵
        
        PID:23416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:14
        9⤵
        
        PID:1720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5472,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:14
        9⤵
        
        PID:9196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5876,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:1
        9⤵
        
        PID:7564
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6132,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=4860 /prefetch:1
        9⤵
        
        PID:12476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6472,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:14
        9⤵
        
        PID:14280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6820,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:1
        9⤵
        
        PID:15568
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6792,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=6952 /prefetch:1
        9⤵
        
        PID:14952
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=7020,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:1
        9⤵
        
        PID:16304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7296,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7324 /prefetch:14
        9⤵
        
        PID:22588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7300,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7364 /prefetch:14
        9⤵
        
        PID:16988
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7312,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7404 /prefetch:14
        9⤵
        
        PID:17276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7224,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7440 /prefetch:1
        9⤵
        
        PID:18836
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7544,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7292 /prefetch:1
        9⤵
        
        PID:19024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5492,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=3056 /prefetch:1
        9⤵
        
        PID:20540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7632,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7044 /prefetch:1
        9⤵
        
        PID:20572
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6252,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:1
        9⤵
        
        PID:3108
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5720,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:1
        9⤵
        
        PID:21484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7764,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7780 /prefetch:14
        9⤵
        
        PID:6004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=8068,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7708 /prefetch:1
        9⤵
        
        PID:22688
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=8172,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=8200 /prefetch:1
        9⤵
        
        PID:22852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7684,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7952 /prefetch:1
        9⤵
        
        PID:23712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=8344,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=8376 /prefetch:1
        9⤵
        
        PID:23900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8044,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=8400 /prefetch:14
        9⤵
        
        PID:23924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=8580,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=8592 /prefetch:1
        9⤵
        
        PID:24132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2772,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:14
        9⤵
        
        PID:25636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7272,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=8312 /prefetch:1
        9⤵
        
        PID:25644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8836,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=8952 /prefetch:14
        9⤵
        
        PID:25456
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=8780 /prefetch:14
        9⤵
        Subvert Trust Controls: Mark-of-the-Web Bypass
        NTFS ADS
        
        PID:25804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=7412,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=9028 /prefetch:1
        9⤵
        
        PID:26128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=9144,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=9164 /prefetch:1
        9⤵
        
        PID:18388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9636,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=7032 /prefetch:14
        9⤵
        
        PID:22248
        
        C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
        
        "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
        9⤵
        Checks whether UAC is enabled
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:7148
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=9936,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=9088 /prefetch:1
        9⤵
        
        PID:26772
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=9992,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=8820 /prefetch:1
        9⤵
        
        PID:26704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=8004,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=9940 /prefetch:10
        9⤵
        
        PID:3064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=9568,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=8764 /prefetch:1
        9⤵
        
        PID:28120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=9096,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=9140 /prefetch:1
        9⤵
        
        PID:28160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2888,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=1060 /prefetch:14
        9⤵
        
        PID:8076
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=9000,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=9224 /prefetch:1
        9⤵
        
        PID:19944
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=5512,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=3704 /prefetch:1
        9⤵
        
        PID:10268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=8604,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10220 /prefetch:1
        9⤵
        
        PID:19624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=9188,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10188 /prefetch:1
        9⤵
        
        PID:12280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=9752,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=9724 /prefetch:1
        9⤵
        
        PID:16360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=9660,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10236 /prefetch:1
        9⤵
        
        PID:25072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=5160,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=4092 /prefetch:1
        9⤵
        
        PID:4624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=10280,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10128 /prefetch:1
        9⤵
        
        PID:4980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8568,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10416 /prefetch:14
        9⤵
        
        PID:8116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4872,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=9208 /prefetch:14
        9⤵
        
        PID:17616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=9268,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10420 /prefetch:1
        9⤵
        
        PID:2028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=10588,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10616 /prefetch:1
        9⤵
        
        PID:13332
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=10372,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10368 /prefetch:1
        9⤵
        
        PID:18104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=10868,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10352 /prefetch:1
        9⤵
        
        PID:16580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=11004,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10980 /prefetch:1
        9⤵
        
        PID:2576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=11032,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10640 /prefetch:1
        9⤵
        
        PID:20044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9832,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=9228 /prefetch:14
        9⤵
        
        PID:8560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=3720,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10252 /prefetch:1
        9⤵
        
        PID:16880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=9824,i,8423960843629137986,3887154672152289883,262144 --variations-seed-version --mojo-platform-channel-handle=10968 /prefetch:1
        9⤵
        
        PID:16904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:4968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=stanky+danky+maymays
        5⤵
        
        PID:1812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:5616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=dank+memz
        5⤵
        
        PID:6016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:27828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
        5⤵
        
        PID:27852
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:7248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=mcafee+vs+norton
        5⤵
        
        PID:7224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:9352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://play.clubpenguin.com/
        5⤵
        
        PID:9368
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:12684
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        
        PID:12712
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:15116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:16140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
        5⤵
        
        PID:16160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:21040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
        5⤵
        
        PID:21060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:22724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=half+life+3+release+date
        5⤵
        
        PID:22776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:7652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+download+memz
        5⤵
        
        PID:27496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:10100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=virus.exe
        5⤵
        
        PID:10136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:17576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+download+memz
        5⤵
        
        PID:17580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:9168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://play.clubpenguin.com/
        5⤵
        
        PID:9208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:14736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
        5⤵
        
        PID:14752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:17436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+download+memz
        5⤵
        
        PID:17448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
      4⤵
      PID:19860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
        5⤵
        
        PID:19880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
        5⤵
        
        PID:692
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:23228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:25732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=half+life+3+release+date
        5⤵
        
        PID:25748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:27164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
        5⤵
        
        PID:27140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:7804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=half+life+3+release+date
        5⤵
        
        PID:28548
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:11908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:17904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
        5⤵
        
        PID:3256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:17556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
        5⤵
        
        PID:1376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:8864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
        5⤵
        
        PID:13248
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:15120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:18812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+get+money
        5⤵
        
        PID:18524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:20508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
        5⤵
        
        PID:9088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:21312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
        5⤵
        
        PID:21460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:21824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
        5⤵
        
        PID:21812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:23688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
        5⤵
        
        PID:4228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:24960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=half+life+3+release+date
        5⤵
        
        PID:24936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:26724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
        5⤵
        
        PID:26732
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:7668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:27444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
        5⤵
        
        PID:27620
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      PID:1148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=virus.exe
        5⤵
        
        PID:10252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:19288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
        5⤵
        
        PID:19344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:2396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
        5⤵
        
        PID:21600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:14500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
        5⤵
        
        PID:13628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:2496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=stanky+danky+maymays
        5⤵
        
        PID:6116
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:18016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
        5⤵
        
        PID:17928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:1420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
        5⤵
        
        PID:7068
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:13956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
        5⤵
        
        PID:16136

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff835eddcf8,0x7ff835eddd04,0x7ff835eddd10
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1856,i,17348709926194731808,5286139757977416873,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1364,i,17348709926194731808,5286139757977416873,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2216 /prefetch:11
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2248,i,17348709926194731808,5286139757977416873,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2344 /prefetch:13
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,17348709926194731808,5286139757977416873,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3384,i,17348709926194731808,5286139757977416873,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4108,i,17348709926194731808,5286139757977416873,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4152 /prefetch:9
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4448,i,17348709926194731808,5286139757977416873,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:248

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4548

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Steam\steam.exe" -silent
1⤵
PID:2940
- C:\Program Files (x86)\Steam\Steam.exe
  "C:\Program Files (x86)\Steam\steam.exe" -silent
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  PID:5532
- - C:\Program Files (x86)\Steam\Steam.exe
    "C:\Program Files (x86)\Steam\Steam.exe" -silent
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:10676
  - - C:\Program Files (x86)\Steam\steamsysinfo.exe
      "C:\Program Files (x86)\Steam\steamsysinfo.exe" -steamid 0 -buildid 1743554648 -logdir "C:\Program Files (x86)\Steam\logs" -query 1 -out-file C:\Users\Admin\AppData\Local\Temp\7A61.tmp
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:10588
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" -nocrashdialog "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=10676" "-buildid=1743554648" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      Checks processor information in registry
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:10764
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1743554648 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ff834c5af00,0x7ff834c5af0c,0x7ff834c5af18
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:10800
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1560,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1564 --mojo-platform-channel-handle=1552 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:11004
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --field-trial-handle=2168,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2172 --mojo-platform-channel-handle=2164 /prefetch:11
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:11852
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --field-trial-handle=2668,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2676 --mojo-platform-channel-handle=2720 /prefetch:13
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:12152
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3108 --mojo-platform-channel-handle=3100 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:12260
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --field-trial-handle=3952,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3956 --mojo-platform-channel-handle=3944 /prefetch:14
        5⤵
        Executes dropped EXE
        
        PID:13088
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --field-trial-handle=3980,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3988 --mojo-platform-channel-handle=4120 /prefetch:12
        5⤵
        Executes dropped EXE
        
        PID:16728
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3812,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2084 --mojo-platform-channel-handle=4112 /prefetch:10
        5⤵
        Executes dropped EXE
        
        PID:17196
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4228,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4232 --mojo-platform-channel-handle=4224 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:18484
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4728,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4580 --mojo-platform-channel-handle=4652 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:19204
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4532,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4480 --mojo-platform-channel-handle=4520 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:10736
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4512,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4860 --mojo-platform-channel-handle=4504 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:10760
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4724,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4452 --mojo-platform-channel-handle=4196 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:15884
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4220,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4416 --mojo-platform-channel-handle=4816 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:18444
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4716,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4244 --mojo-platform-channel-handle=4852 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:19508
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4416,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4692 --mojo-platform-channel-handle=4232 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:19284
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4576,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4548 --mojo-platform-channel-handle=4828 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:22084
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4860,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4484 --mojo-platform-channel-handle=4688 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:22080
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4748,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4452 --mojo-platform-channel-handle=1864 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:23936
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4700,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4940 --mojo-platform-channel-handle=4212 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:23960
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4648,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4636 --mojo-platform-channel-handle=4372 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:24744
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4916,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4544 --mojo-platform-channel-handle=4904 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:7320
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4940,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5036 --mojo-platform-channel-handle=5096 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:26100
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4684,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4872 --mojo-platform-channel-handle=4936 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:27548
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4672,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5000 --mojo-platform-channel-handle=4352 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:27436
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4892,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4636 --mojo-platform-channel-handle=4804 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:27680
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4348,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4792 --mojo-platform-channel-handle=4544 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:14488
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3160,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4880 --mojo-platform-channel-handle=4504 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:14444
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4772,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4440 --mojo-platform-channel-handle=4288 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:17704
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4964,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4836 --mojo-platform-channel-handle=4808 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:3484
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5060,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5104 --mojo-platform-channel-handle=4908 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:23056
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5064,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4104 --mojo-platform-channel-handle=5092 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:6444
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=4488,i,12377068112068377680,14539335326278046962,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4304 --mojo-platform-channel-handle=4160 /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:9124
  - - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
      .\bin\gldriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:12084
  - - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
      .\bin\gldriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:13380
  - - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
      .\bin\vulkandriverquery64.exe
      4⤵
      Executes dropped EXE
      PID:13424
  - - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
      .\bin\vulkandriverquery.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:13500
  - - C:\Program Files (x86)\Steam\steamerrorreporter.exe
      C:\Program Files (x86)\Steam\steam
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:12408
  - - C:\Program Files (x86)\Steam\Steam.exe
      "C:\Program Files (x86)\Steam\Steam.exe"
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:9624
    - - C:\Program Files (x86)\Steam\steamsysinfo.exe
        
        "C:\Program Files (x86)\Steam\steamsysinfo.exe" -steamid 0 -buildid 1743554648 -logdir "C:\Program Files (x86)\Steam\logs" -query 1 -out-file C:\Users\Admin\AppData\Local\Temp\B8D0.tmp
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:8444
    - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" -nocrashdialog "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=9624" "-buildid=1743554648" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
        5⤵
        Executes dropped EXE
        Checks processor information in registry
        
        PID:8824
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1743554648 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ff834c5af00,0x7ff834c5af0c,0x7ff834c5af18
        6⤵
        Executes dropped EXE
        
        PID:8392
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1568,i,11400439712095360704,2852706201308495071,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1572 --mojo-platform-channel-handle=1560 /prefetch:2
        6⤵
        Executes dropped EXE
        
        PID:9308
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --field-trial-handle=2280,i,11400439712095360704,2852706201308495071,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2284 --mojo-platform-channel-handle=2276 /prefetch:11
        6⤵
        Executes dropped EXE
        
        PID:7772
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --field-trial-handle=2896,i,11400439712095360704,2852706201308495071,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2900 --mojo-platform-channel-handle=2892 /prefetch:13
        6⤵
        Executes dropped EXE
        
        PID:7688
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,11400439712095360704,2852706201308495071,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3228 --mojo-platform-channel-handle=3224 /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:12704
      - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
        
        "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1743554648 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3888,i,11400439712095360704,2852706201308495071,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3884 --mojo-platform-channel-handle=3896 /prefetch:10
        6⤵
        
        PID:18948
    - - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
        
        .\bin\gldriverquery64.exe
        5⤵
        Executes dropped EXE
        
        PID:7868
    - - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
        
        .\bin\gldriverquery.exe
        5⤵
        Executes dropped EXE
        
        PID:13084
    - - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
        
        .\bin\vulkandriverquery64.exe
        5⤵
        Executes dropped EXE
        
        PID:13756
    - - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
        
        .\bin\vulkandriverquery.exe
        5⤵
        
        PID:13004

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6080

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:23124

C:\Program Files (x86)\Steam\Steam.exe
"C:\Program Files (x86)\Steam\Steam.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:8288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:11232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:11276

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:12584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:15392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:15460

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:10808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:11152

C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:11360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:15500

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\appcache\librarycache\1161040\bd2b709a08caf7286f73c51d3b3937667f7aa053.jpg

Filesize
638B

MD5
7ecdaf8a54ec52b20640a88527512903

SHA1
3133a4d748ad3be61fe9db759339cd5de73339b5

SHA256
7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c

SHA512
60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
11KB

MD5
002aae85e6a307a841290858efc35265

SHA1
920dd8845d0a9535e20115aef8451607c87e256e

SHA256
d47c6d4474a30a4cb87b833c54e6825a67797bc26b39c5581fe45c4f1cb23d6e

SHA512
ddef1ddf69b46b5cf2454b564cab021e6a8cefc66a0b61dd3595211eab3faa5d72814fdcf8ce181931918c2526500add626fb17c171142acd3b34831a527bc03

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
13KB

MD5
b603e00ce644ef16f92f9a5aaa2bace6

SHA1
5b3d952f44f638bf7fe5f73efe89fd8eac778520

SHA256
4136e8d9db3bb14c25e8abbeb65f51b6f1995135eb0d8f2716cd877ae985f379

SHA512
a53a29ea4fe77b3160b94d3f037212c2cbc583e6f3278566f6a64b9485f542ec88595ed5a79fdafa34d6368ad4a6fc08f5bdec48b3b986e47217640898b40143

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
abe69df4b51b20326fa350e807907b07

SHA1
67ef98c59674ecd0e0d02824c30e71b3b48284b4

SHA256
28c89e22cf73cd1af822ad61751508c1e55b489c16f417147a1e34e27457a593

SHA512
0e59c37eaddfba47f6fbee2946451563a28480958df66519ca2ee63c9b5677f5c1ce9d3bbca525ec1ce7391955f3c9ed16c9bf77a58b9c2b3bf8adcd26c8d0c4

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
1KB

MD5
a2ec2e91c3ef8c42e22c4887d032b333

SHA1
e2c738a2e9400535b74e2263c7e7d1ecefe575f2

SHA256
8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3

SHA512
b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
768faad4de859bebef042c4d1fd64172

SHA1
688f896bdf7aa9ab3a71cf010f9f5a6e89073950

SHA256
242f372f9fc1820a2495f5c5c848be91ced42708b390dc91f5bc3aea1b4075bd

SHA512
d3566b3fa3052e6657571ecdcd62208100da360729e4e0d5b796ea032d99f8fe1f528dc404e3f2b841a3d537e43ad2b5e08f28c5bbe976b99d76a1c17c58654f

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
16KB

MD5
40147272641bb36e788a393443ad6f53

SHA1
67e9fe0799dc68662fc0a78fdf5d7aa2782ba196

SHA256
2a69d0ff97f98c3c456e699c33d6b0acc33cc23d0a38bf1cebd66e70e6712f28

SHA512
c0559bec7841cad7fad82a1aa33d95fffa7d3ed86aa0c35a72c8e150e024b7ae2ea4356bc18b79c03569bce52ba7c874b39f7db31122619c18ebac5bc99759c1

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf

Filesize
15KB

MD5
5bbd3b2dc478eebc50ae78d528b22cf0

SHA1
4a806b5a8672803656f93db0468a91cea6e3182a

SHA256
ac209e859cd73b3f49d595af6b092d5f53af17c78d5e596cc38e5cf74b80d342

SHA512
37465ac99a5b24a85c5bb8b7a197bbfab365dafd3cf0da0fcf7d08506b01ef5af08ec150bfa6652eb9dae5fbe87eb7c4da6fc86a249bcb1ac2377f107b4ded56

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf~RFe5a8936.TMP

Filesize
1KB

MD5
6e6a2b18264504cc084caa3ad0bfc6ae

SHA1
b177d719bd3c1bc547d5c97937a584b8b7d57196

SHA256
f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53

SHA512
74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat

Filesize
56B

MD5
902b1eee51f01af2f8784297f67e9801

SHA1
501be42afc77662a1f945afbac6c8945e437380c

SHA256
68eb0796a31d9a378004f8e66403c0e925394de3fa73884ac5a0ce8c7d39e2a5

SHA512
ad3ccc7854e05e5d97a2804d5a2ffc65e445b2afbf99479f39db649534bf9288a1da0b0c9c6c6e0fa706a591a2c3ff62a225c965e574b02cc3d7d2f9d9db8d29

Download Submit
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt

Filesize
1KB

MD5
b8175b98c1edc6cb04a34b63068fbea3

SHA1
7452089e3123394bd710a5e277838c840123b8c2

SHA256
e9796a713e5d29bd2f65713a09a78d0b5cb6e5e068b930c33d773a1e33e29b41

SHA512
ecf2fa6ca6aec9120873d4c0488a8f4cee00fab2d247eaf713f677bfeeb166af938457db160cb110ecf54497660cfcb87b9c89e197e98d0165153bb84f098041

Download Submit
C:\Program Files (x86)\Steam\logs\cef_log.txt

Filesize
5KB

MD5
0241f94a73704a2cd1db3138e95cdc8a

SHA1
9c3be2338077888090ffa0bbad87ec06a47254e7

SHA256
a013e7b25cb633b99da24826904dae023c7f841558b261879a213994dcc24f0c

SHA512
c504a05b560b4d845cb1c04388611a6786d5c8f7e06e9f76eed0f529553034b22a133b2dfbeb4f1f634b67f81fe5f985cf5004de8b55e22d14e1459c5dbb1644

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

Filesize
1KB

MD5
aab93db7f0824cdd2d09e37756d2492f

SHA1
66916265c1d9ebf4663157740a7ffc8270741145

SHA256
a8561d384eced840ff55321b070e79c13f695c08c4e8b3a79c753d8f9e49ed52

SHA512
7173f1c5c70b2637f758d13a382b48ea2a77c03a110278546658bb7bc151ceeaf9f64fa584997a253d2eb75b12b82f6d04c4c4a1012e8421feb82b0f6a3343a7

Download Submit
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

Filesize
29B

MD5
2c7fdbeb506a49ded9d4de84d8e3d403

SHA1
696cbe1374f995705043169eedeed2949706a44e

SHA256
134c6461515f07c77ee1f634348d1183034ce512e6ea28bce952031cc61f2dde

SHA512
06177bb772a94b59920d339241a4d9a72053e71874353c27890578ecea3c4f26140d5c49887a6e5f96ee109ae97c6bfefc47bcc3e9ab6bf2ac8857fd5b76fe1c

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf

Filesize
794B

MD5
370060eed776ee1ff032a62cdcda12b6

SHA1
0457fab70b394a6b34d524326bc9478f70c8eb40

SHA256
82d7e047f028b090e1842b6ec143542e54e62f6794a5559a1f3e1b728fce8cd9

SHA512
dacc537d35b482befc7748c665ae88c3e75e28fe90c610106b18d87ae3b31718ffa56b7f11aef580ef0090c63d5817d05609e3c3fa09d854a8753e34de37c44e

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf

Filesize
810B

MD5
5502ad7a8bdfe884cfd76ec54af380c8

SHA1
6e3bf8ee126584ec675395c5cb0be245f81e9534

SHA256
7ea59dc689f668bcbc887ed10096649763e0532c9eca40d5b6bfd76ec3111647

SHA512
81645aaf21a6a831ab3ccc1b7c103ae9bf44f3c944eded9d354e31ba02ddca3ae50d59df7c016aa514968793ffad1d82726e5bf0dfeae8f6e061dfdd7ad66282

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf

Filesize
1KB

MD5
d20f50cee81058db92f68343cca783cd

SHA1
01462001017d4472a6eaf4ed3b307e57226d9ef9

SHA256
c884bf52e454bcf1263b0ba1e31e1682f06bba44b2bfb2ad32e403386f54b0c9

SHA512
8a83494f7b104cefe90fc5f21900fb88f23eec4360c21eb6ae3786a043404f155f92b5f582cfcb6fea567dae76515c4b7b8542d36f1bc7330ee099bfee39ef58

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf

Filesize
1KB

MD5
05ae3c324ee186b7ab9d8a60a4d08ea7

SHA1
76fc80210664113f7ec59e6904e6805f733df1e5

SHA256
0b5c9a4176ab8a0ebfa13321dd6727ea09b41570a087154086e201da1a20df9f

SHA512
bd0508078d46f80fc8591610484328e31d79a294fcf829a66dc973c89bfe75ac769ac70945b4592b5451161cdefad3c46f29c18f527a7f43d1f5e4d22b373796

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf

Filesize
812B

MD5
056f4df1eb26184925ab7c07f396c86a

SHA1
9404c09c341d3c64cfa69f98ecb3bb8d04c1e177

SHA256
4858d75b4178b4dfd04265d96cd7bf161e419f8b835b2a0abd37e833642451df

SHA512
6dbbc060372cb5c15659bffde425e3ec52cd778c7638e1c9b1e82e04a9c1a7c6a552abb6f75bb5910f4dd39fb2a65164c592c653efaaacee04e644a83b094468

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf

Filesize
1KB

MD5
59ee84ec82ddac502fe50db45de1b310

SHA1
93d3979b9a75189121152ef42d4528c7196569a5

SHA256
025a0336d54c48565acc95bcb8a136808eb85d9d292c14289041bc23720704c1

SHA512
1c92ec79a001fcb1042336d0b5ed982985abee54d0ed0f0fbe2a96549432e635f0bd324aafe17980b5dfd3640545e9d09adfb688f7eced3985080a89aff6c2e4

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf

Filesize
1KB

MD5
4632857b445a62035a36db1b3cd6b808

SHA1
2b1b794edb543fe3dbcabc92984432686d13e10b

SHA256
9afa458b0b59246b5f63b22244f3cf3a1c7df5ad7cf03d1eb3deca3ec86de1d3

SHA512
2a41c0ceb3aa5721dfeeb346535d921019cae8b46bb9b9526b6c44b35190fc61c7d67fd5f4cef8993594ec62c261af470da3155025595fefffbac5e0e7f0acdf

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf

Filesize
1KB

MD5
5a80598226677ad4289be417c41a2c4f

SHA1
0db6ea1954d95f79a9b254251e51fe70ac8f23da

SHA256
19383d7d9c26ed0b6d9de88682cf0807f70afa6ba130b25f01b54e26866f4bd9

SHA512
0d8b24d4aaf871706fd9a6def0e03dc4df58627cd32519e7fbec7afd55779e507e2ddfd578e74cca4be6990452fa707f9dcbd37ecf7659caffcae2adae736e49

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_1721470.acf~RFe5f0662.TMP

Filesize
765B

MD5
401b4304a4766cc8ba6de2c9cbff071e

SHA1
81fbf7396fb75fb8fee0318af4d6b4a323b538e0

SHA256
243893928d948f930cd2d492be7bc84696695b27f7b8e17fabdf10976245da68

SHA512
0ae38517bcf788bc1cde706b1aab411a8f6c3eddf1c206fd226d8bb4952418a42016480bc0d38f9db9e253183c504defef6e6ded23edbbcbf55487bfe3c38199

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_228980.acf

Filesize
511B

MD5
428eb23993310f72d69233213362d403

SHA1
9b6e1199cfc156e7ed558434212ab7353fa7ae81

SHA256
e5cc4a07f72604792658ee87c6514cd99999989f124dca2be58c08d9b9559c39

SHA512
a3f4ca56ad8e5bb1118692459ef3d548139bb5772a73dc60e233258c461b76ccf8e0c65e6223900f4cdd876f98255b4fb601226646c2410bc9f9dc03cbcc9431

Download Submit
C:\Program Files (x86)\Steam\steamapps\appmanifest_228980.acf

Filesize
930B

MD5
c8409ef78ca5b64bed5f05ea9a1e9fc4

SHA1
533600bcbab0907d79142df50675d8a8dd2dba06

SHA256
4810d259269a7ed580dec4968d923c3ca6a17a143f84f4214f3214bb2212dd76

SHA512
85659da5490a5c6acadd84b6b8a1b40b20d69a71691078b99300175f5b559b0b37c1396734462aed35a2c4ef177c31cdbaa1d5a113b0677f3a959ef6904bbff6

Download Submit
C:\Program Files (x86)\Steam\steamapps\downloading\1721470\WindowsNoEditor\Poppy_Playtime\Content\Movies\Title_Screen.mp4

Filesize
37.1MB

MD5
feb9ee47d37f400d933f503a02a400d0

SHA1
4805b89da9ed9633cb89ea579223e7d2a20f15e1

SHA256
6a200cf949ede784e9be983f6390c1e7b4dff09290787e821e1bcaeaadfaacf0

SHA512
49d41864476c607bd861dd912180c79e81c44c82384a534e4c336267b57d27cb32de64de4a0020ff1e956df3798af145759771ff2bded181c643266ea9559ab2

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\7\remote\sharedconfig.vdf

Filesize
165B

MD5
fc7624014efbf1de1a6e2eecbd594d74

SHA1
41b89c3e3be179459658fcd611ac15590053f123

SHA256
99abccfafc830c7d7a08dcb65ec8c747301a719a46e16c3713d90b2d90c67b23

SHA512
59d2e58d64d9bc571f05abb5d9aa3212dfb2b340e1bdf0647db182a3dac3bd2bdc19c41adbaa227d81c2891e132117ea922bf90ff2354c8d16578def2cd1408e

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\7\remote\sharedconfig.vdf

Filesize
231B

MD5
cc1dd24c04d0a8821731dba6e3c822ce

SHA1
60b34370b009cd0785b41bd2d361a7c4c12fb015

SHA256
2feb93bebeeea47d6aabf5e59e0830dc5be8b98c3bcf0b86eb29a27d358f4616

SHA512
625d9faa3d2c9fe89eaee796c8b7d465a123ef55bdeaf0bddb69949ac6cafe63052ea48310aa7f21054cda1fd5901ba3fcdcb9bc1afb72f5052ccf41604b1d59

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\librarycache\1721470.json

Filesize
3KB

MD5
6e218edbc938b76eee40fea402c7b3dc

SHA1
e2ebd5f25bc2e38cf1bb37b44cf24330a9c3e20c

SHA256
7dc71e7ed6177abd56bb110c5a27fdba44825fb9d823ede064b62d848f9cfb75

SHA512
3eda9d164defc3d0e309d703a1672cc3259c3d0e060333b48ad5d3e7949800d80c386ec8e1d6465ff33db2132c04b5f1bf6da44b240c99e7635d472379f254e3

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\librarycache\2504480.json

Filesize
126B

MD5
5216ef382c2d09e344ae46f2c073acab

SHA1
91040770b2b51d00e6b7c32a37315eef249a55bd

SHA256
2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617

SHA512
0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\librarycache\871720.json

Filesize
1KB

MD5
d70db88e80cfdd2884786edeb43a31dd

SHA1
765ecdbcda7a4f88690c98d9a36f79a160913aa4

SHA256
5181c31204063b786554cfcc8cf637c8491d245e9b173c041caa1be16af90d90

SHA512
1ce3dc83e4bc8d6e554bba1429b4b8eecb3deee822081753c7d3c0d6655bb237e23b8cba0d87aa0ce926e82a1b317a03f5a782bfd0e487d65a61044e540f79ee

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\localconfig.vdf

Filesize
3KB

MD5
1f69192328778254ebb78c0886f36996

SHA1
e95ca39ce7c1296b22d9ca5a9543f8b0b4dbbdd8

SHA256
328231e995678c0606d7882ebc399e2f05882bcf383bb46179cc97098ca2ed59

SHA512
10deec5e2ca022193065db5a5b0e0cb777ad5c99c096a0220c69366d35436809fae434d6d718a62979929fedb54bdc58b67d60f41dbd62d87141465a2b981717

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\localconfig.vdf

Filesize
6KB

MD5
495d3c844cb27219391eeb5ce515e77b

SHA1
c65534abb4e46331f744f6893a9cf652dfd52d07

SHA256
0d5b873b3687ad267013db206ee12e198197c1177306928b9d0fe941f629b502

SHA512
fe0b8fadd02c63ec2ffe5b7d9bb5bc535dc78d357373f5f190e0e14fb83e857190f2d3026bef695113ca725b042ee5d40a49c7f16c0f2917e0ed9f91eb9d2bd5

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\localconfig.vdf

Filesize
26KB

MD5
2284c86dae3e531e0482dbbec292e927

SHA1
888006c93b3bd6a9d8fb902f619922f2ee5ab5a7

SHA256
d23b7392fa3b7a2f9a0782fada52cbab1f2de76d4de98efd7005329f625d9edf

SHA512
5a308016eb2251ffd7fb339641a1afe7e47907b246ef6c34e21d9fc2fc9a2d3a2ea97038c5f7976cf8f7b0c1d27fc9f422c9b7b62ff2785f757e111a97abe1e9

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\localconfig.vdf

Filesize
31KB

MD5
5186ef018da4106b8039a07f7458fc2b

SHA1
cd37f713b09f1d09f5032ae70b00b3da9f7aa2e6

SHA256
dd7a6af6f02bbca9d729b3ffb8eea2d292f8ac83a8441c9660bd93b949f7df5f

SHA512
92ae92668d79b682b4827c1a671fa20f54113a59055362bc5e856a9e907c225971c1d7bbc513445bcc93b85ee045717f686562faf5f85e3b1a74da673e0db2b5

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\localconfig.vdf

Filesize
32KB

MD5
5f91f1e153867852f8367385c62f27ce

SHA1
6888237747cbb5818bfe391ae6c0a83c21a9b224

SHA256
deea57025d6ca95dc579374ffca7bf0b72b8f03877575d3474578b4db398ea44

SHA512
d440d8c0a2a69448b0576af209d20089ed925405137e24260b50eece1b2460acd9735cfe1c29983143d0a117b9dec8609f30f468bf484a3ae162bf58631daeaf

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\localconfig.vdf

Filesize
32KB

MD5
87edca94f6dd16ab23d1edc362801683

SHA1
d363dd545d60dbb421b8e5150a0239126b554a2a

SHA256
fecf31094e570147da62f5a4d19ece66bf04b015129c520bc876778df4c0b2f4

SHA512
0dd6751104b2559ef0f192ec432947f496c8f5d16c8b9e6d5a05b3596c767f136e74af85f6e757b8927006a800503ec4126deed636d1a628b8f8b0838b93a24b

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\localconfig.vdf

Filesize
3KB

MD5
a913cb66264f83803c5253f2cb9023c0

SHA1
bb36f56d18185819ea5b631d50a861793119929f

SHA256
802288d01507f63c015a1e4f53195f2aea2f7deae815770e0b51652289fe3d1a

SHA512
f2f803f6394eb8e82800103f4ddf0f24b172bbee84f08e370aee5038329f49e1684691f02c040768eadaae296f4cc41d1f0c658ec40f38ce21e25fcfd323116f

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\localconfig.vdf

Filesize
31KB

MD5
f7b758f447cb1ee19370447ce9c96802

SHA1
8d781d5752bdb98fae1e4931810c723b0b482817

SHA256
5f77aad69aa35edec2f255b57ae815b65449cf22d9be75aab822610cf607a83a

SHA512
04833c42b9bc30f2acc30f72580a4ab7ffb1b2b0298a3e4cfed9ab5cbbe9186f323a60fa304af997cf8772b925fd19ae4c06aece70dec0120d666233f93a760c

Download Submit
C:\Program Files (x86)\Steam\userdata\1533311573\config\localconfig.vdf~RFe5c4c72.TMP

Filesize
239B

MD5
aaf2f8b5167583c724268fe6980d7f63

SHA1
e6fdc8c9adc7264b7550766f10a000085005846a

SHA256
ef101154aa5447fb5922777ee2c2a96dbb24aa68318d4bcb6397581802d27acc

SHA512
04e119c5e8d04bbd2919e82581479b56ce9ddebe34f8daa46d1e9abb836020575eae1379a0da4e1ed3513e4ae86c83cd55f5d4dcfd9c931781bc33e2f31775f1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\8f0ee434a6d3c2f7\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
54f6f958a167e14a01f3aaa8192bb1c8

SHA1
6118bfca0f30a9e6bc8b8715aa74f8075b3c834b

SHA256
035869018af7c15b4e5ea4ac8397e4a26aca7f13d05470001f02ca77f1fa3ffb

SHA512
a649f5eafe7686cce957619a1c266cc9c147ed09c113e9b0b22f27a10342d6f2658348666d1d3a8c0fae06f7f42d1e3c576c657fe2791d451c7624b80d910312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7a43db936a4bbdbe9f9d14d7105725cb

SHA1
3062d6846bb71bcce3a2e9eda5dcd1c98190c50d

SHA256
daefb77be6facdb178e0784e3ca02dae6c41aeaa96b58a5582eb3da7fd8bf053

SHA512
3f74299d4a5c150fee28fc212dab9bd8474bbd7012b059667272e5e00223a2118d7332f0143b7e6ef020fc9068c06181fd08fd17672bbf317eb33a7b82515eb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e448eda901e4cd221a598a48405e08e

SHA1
a55721502dc8b232ecad6a3f711620ccb1d4ad56

SHA256
57dab671112f8da431d9ae27411a18820b4844952b0d3858d18e9789f55b27dc

SHA512
1b007e0c4036406ec1e1b964397e245f1a2638deb3b8fde2837be7a6221b891fd8445a721fd1398edffb13f544482e46fc026a61fbbf1f892964df5869ffe507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b3250f0b4c9ee42f57431542db073852

SHA1
66d766a602132eb34e5209d0be27d06d38171ff2

SHA256
5f7be057d38e29c7027747219a3f1a829ac47c2ce0c32e7b7999548cd58c21d4

SHA512
98960a8e6910a31eca8b9ac1e48f571414a1b120244b0d2491ca9041b530fc099d304a8d3b607544628627fecee30dc6d8cd8d6334bf7ecc5dbab0363cb5b051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59115b.TMP

Filesize
48B

MD5
fb2d85303e13ff968e5b0f90247cc11f

SHA1
7b8bcc1f8a765480fbd0b3e1868d33b00504bb65

SHA256
7a8b840dac4a36fa07d3b9fb0b86250430c69ace6a237ea34b55499951def679

SHA512
83a2fecad9f2572ab1b7f5d215410ecc3c7c5cefd06299b1d42f9c411737c26c95e48eedba1ebdba2f032a2eba395644a6314642db98a562cac3c0cd5c31ffe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f3c25988-9efc-4cf8-87fc-69a797542249.tmp

Filesize
15KB

MD5
787766a999f5e1969f1cee8e83286b21

SHA1
59ea1145123bac4776010dcaa8a08412c8531c80

SHA256
45f7bb082d73f6c73d1212286ad5750a20fccdbff004a71da6348189078d5c4d

SHA512
ad6a5669d5902c46858b19528d90dc048fa2b0deb06f12f37ea5bc9fb12abaef5a44084e761a9e6fc8330d12e4b758b529aad0662026ffc2aff0e1e844996791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
8f594cebb4a61231f959fda9019c8def

SHA1
62a59807400b3152ce361001116f1322c7d1de47

SHA256
774400570d93d55c9fce00824363d03b88813847cf276fd5b5c0fce253c26d8c

SHA512
f65117657b7d5bffee4862d10e46ec766f13dbfd7096ad507679c9b3f2d2851cd3324221eebc8a8068155ccaea160a586a1330c0b3ef05ae66de03ab9f10699e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
a0a7de20646846bf984c35ad7b3e6f07

SHA1
3af13b67314ac06d6f9fa5daae68ec181cf83352

SHA256
66cff760016a46127e2d196000c557f20548d8cc6b9348c9687e87c529114767

SHA512
705e9119b8a28642688b07d1eadfa4b6340d16445d18ad8b4ff7e76ffaf27b8cffeba6faa21dc8902ac123b60126e53855634d4331158865561923e032f5e2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
9e2c629b1ce9435a81a9cc4b7222461d

SHA1
94c80fa5aa222d085471fea828676c85f1440e54

SHA256
6b66f1bd332d3a0eb3422211e9c5c20d456a57367cf61dff491038eeff519f3e

SHA512
3d8697a828de8ed156a0d659493e5b12a38eac0db7473a06b3f6888e292a77b5b2799191d8ba4b437cddf1fbd8d287b263692e2496680a3426236942ce909172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
3a9f0c0eff2e68117f73c94c459bad7b

SHA1
5f15e67cd2490f4ff370c4bdb19ca2cf701f1a72

SHA256
3db762e9741f4d52fc329d237ada185bf13778bb577a5e623b519b8d69df1b7b

SHA512
da652a9f5c854efec797f42ab23b0130f7b236238406d7263382b3f4ae4b30d26cc7a0cd6ee856cc15611f7a2e04d76ac0a13c2ea41354fae9831347c728a09b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
36677c8216a2bf21739e51b828093ce6

SHA1
40ddd39c9d2c8ab0802cc440cdacd1f18c9093b4

SHA256
9e99938312ab7450f080b0e904e1fc50dd00f40316f47a971207c1c5da3de99c

SHA512
ed660fe53f51b26594ee15228f3399dfd48fec1209932ef0289c20c250071c07062b3528afbb7bcda1cad112941d0298b7ae90e7f16b882305f1825853036b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0c45ee0655e29b0a935a305e66bba8cf

SHA1
ad52868d94ba826e1f0b9db56d8fb7ff1c8fff2e

SHA256
d23f3010a3dd3688741250e254dd07d508883c099e1911c3e7d0854be85ca599

SHA512
479b8d020e5f818a452c050f27488928faed74c6d329ab58befc860f5bf76878efcdd03bd0eb7b83f22afb4e74aa40c7a0d6bb29677cb4cc03ff4dbd2687bb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\762f7c0f-bbdb-4a3c-8231-f2a68b36cbce.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
f2605afb53221b250dcd0dfb322ac0a2

SHA1
5633739633193df8a25e849a00a5d7fee543b261

SHA256
bf39a13b4f3c98eeb4a85eb21454e75988decfeb99a6478d6a166cc4becaa7c6

SHA512
0ed9d2b1dc1a76823bc0682c119c6da7c3c9deda24a1564da0f86da0622a45fbc4fa5e73fd45b3229df644ba32f8f344754f58c4b4815c89e0a862877a64c125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008e

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
41KB

MD5
7b047883a795c3597d61673baf809333

SHA1
dee8515eabcb645beebfc1df5f0023e85e64aa56

SHA256
9927f22f06445511e6b3c4ecb55dd47fc411f982f5add76fac9a6f12e0a84c22

SHA512
b262e1ead1c864456773643d10d5f79af8a5a836b4790a35e698da24ffc838522b45be24d76785242cf250aef2d222efcfa356d5eb33e8c670dbdc47f310a607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

Filesize
114KB

MD5
e930cf00b9f1df58faff97bd4c06db59

SHA1
efd2155e9faadafe1558e1c5e5240e4f01db36f0

SHA256
a41c0edb4cecad4f7644eb7348e57331065814d38c5716962098990b320f4f0b

SHA512
d402f6493c039f2c59381ec6ded80acb410cb95834699b5900cfe305fc1cc9d59e4546d481d46c11f1e4eb7e5f10abf923790998eb2024cf22a3e3b4f5551308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000095

Filesize
19KB

MD5
d7ff50bfe3a911e6c398aade10cb733d

SHA1
6549bea7e8a6b3478100490bd836090c3387c3cb

SHA256
bb99ab2e6c435c1d5b5955da73027be6171b654afebaf8950dd68cb8b23f5bb4

SHA512
f33a9b155cac484342bd3ca53c2ba075d2c9e09f2340a11da803ebfa33c5336d9afa3d5507bccaf87c724f3043caf8cf88ee0c6d87ed5e0e1eb0acd19a77776d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000096

Filesize
77KB

MD5
3e2965715a0e4581141016e3e90f1956

SHA1
2a29a85b9280a07983b669bd55fb00210b016fde

SHA256
35f8e38cd29dc9670a87d303ded1ac66222237f08aceea49a886fbe1c509d2c1

SHA512
822075e34f9a429417adfb5930e6d22dbf395252311990020e576eecc3b013e02d181c9cb98e5266e88a8e9e65b2d988d79e01792020a36bbb0141a855ed4cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000097

Filesize
164KB

MD5
cabef86a47c992ada635841888076aa6

SHA1
0d19d5da3de76c2e417c8ec62e7229d17d8be547

SHA256
c167111744980527ce95cdf6942df24e2d0b7be9980d994b8debcf0274043c31

SHA512
9bf2d202a010d21e311720291edd4246df4afc2a1af7fad3a830c23f3f3bc338dca18b6027e47b9e7ae20e4003379575dd76aa3e2159b244f376f7da8b834e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
64KB

MD5
baeb5f5b74af2049f2a811c61a6cfee5

SHA1
92d58959e524e9f44bfce1edee4aaa52d37b5317

SHA256
60e3b37cbe16239abd8b2f1b7de15bdeebfad572f041ad8cc534aac88b1613a7

SHA512
beb2d5ce21d7af2bc52af619764d82de0b16d3ae6d9d0b833ea486d4931d1a911b6ea6208bcc1a7ce3c825d114ca851d86449f95cfac83953b95658f8e372e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009c

Filesize
256KB

MD5
d50df859fac0f2587beed99950a55382

SHA1
9389a43a2661575dd5afdbf9f4521abffb9be4eb

SHA256
0f1fe568a93ba617348d6cdca8a12cb85e4ea8f6f6ae3cce1cd0b8fbed3de935

SHA512
b7205c1bbfb83c07a08241c106678c79f4062e1c700f2c61f71ab7288c89700a5fb13e733e4c8e3b9f12a68dba1365674c9b940af84f95bce7a38af4f1618195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
256KB

MD5
3f3297819cd2b781023bb50471132691

SHA1
206d8863f895adc7cd368b454c86715ba027a688

SHA256
bd2aadbf00196cc0ac2fb4c03e46c10ae55675b44caa9d3419d8f71662841173

SHA512
12749e9126de711f23204455aaf9992e02102cf5261e91c3e9f43016a80b83f72854188baed529c0b1ea0c8d78c031e30b2cd70a532e85fd93d1c509fe7965a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ac

Filesize
35KB

MD5
edd727844f1815cc1613866b55b1c776

SHA1
30b3433a9e2e909dcf939cce7c57d52cc06a5339

SHA256
418b39e8e35e69f4cd88ccfc77f03c27678243f0aa2e08a57bd91b652056c9d6

SHA512
1f8289cd0b28278bc4ea7e007bcb9b24441882ead585fdb5e4b5fe00ca8cc5b7aac093cb192327d84a884348ea5e80c6d4977dd4734b455c56bf4a6aaee2469d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b2

Filesize
41KB

MD5
a4a99cec7d4c2564e0de3ad3bc5d8c1b

SHA1
12b4b0d7ac4dddc25d19ebb639ed4dcc38467540

SHA256
8479dc21568491cd73fd1d6315fd43305ae8d72863a7bde727faf54a64d8f8d3

SHA512
80e0d7a93cedf22bb096385c106759dcd940e774282e62af69b5d699d977aeddf395e4b72ff346c285d5fd06dcae6e2414ea81d2ca714ba430b2bf1688ca016c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d9

Filesize
19KB

MD5
99af5da82ee74e7d9502225446604614

SHA1
7deff05853fbf1528875f9c358b8a6a31d6dee5e

SHA256
031fe7ea42e0a823949190f13ab143f1d9d26fb0b22d863b582593a37cbcda9d

SHA512
7d2cec0882df88edbb4789fc14c7721f6dca5681c85919ee1f033d5cb2324f9c1305707bbc4c534e0019a2b163291edf4bd65c374e843d75174589e7148aab07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000da

Filesize
19KB

MD5
7db3a765555e36af88644f309e7d6ecf

SHA1
7a34cc6b103c1c771904a16aeb2b098dedf112bf

SHA256
32e24e2d57aeeff36d9261f23f14c4fdcafe3f4cf0f16a30e8adb689438d97c1

SHA512
4604f6355dbacac3b3a9c1becbca463ba4a40c731c6bda7a1521a7b3cb00d2bd18a41e584061be97ad8551bd0bcace1f7d9f28827ba8baba374ad4ac09929bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000db

Filesize
24KB

MD5
644df470e63a02afb32a053a23d7502e

SHA1
d42d853675ba656fb9953071cf42f4da0a772b09

SHA256
547ba291bb16ebb655f2ff2c5ab046e08964e73c145ee417374ab975ddb5d190

SHA512
77e58c36322db5b60cc85443c52ce8a717848af215a00b555399cdb6da249eea987d77ac3100a35e8f38dec95ccf64012a75f96f95bd8188da735d2af62a5475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000dc

Filesize
36KB

MD5
fa88a6b7d76d38dbcd1b3dfc8d8c192f

SHA1
fd6341788429d858a0ee8f466668cce580a3c0ad

SHA256
b14a017f4a21fae1d261b61e884ab1a22a2b7aa1aa038a85b176c73a601aa1e3

SHA512
53626b9cdcd08138391810af0cc7bb8990a0a3354bca05db6065930aee616f4b328a4cf4a3ff667461d319bccaf713d6e79f040bc5867ec1f503e2076f2bb49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000dd

Filesize
32KB

MD5
31b05e57c066452d73ab005bb42865f7

SHA1
2a8efd5d7753dd756c539ad66831b01f603fb13c

SHA256
84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071

SHA512
f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000de

Filesize
24KB

MD5
d1a05121b66db186f7ffda295159f374

SHA1
65ed8c13bbaad11b97d9e2870bdb1aa1507dfe44

SHA256
460f5efa01c0460683af6e623b66045a0c959e5d01a543f1270b3bd557c92a84

SHA512
c0b20524ebbc408bb5e291b54fa22797693e178bf75bc0532798e2deadf34eee5f541a54e7d7186efe6d75917cfe8859308a566dc04c5a445e35219656b32bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000df

Filesize
19KB

MD5
1d063fc16643f4ac9425258ae8bbe4b4

SHA1
501c42c3ae6ac65134542dd3b305d982d9188621

SHA256
e9828fd5a0ccd6328d53d88748bef525756a267a22bc19bbb954dd3a999320a5

SHA512
a7daf31e1286c4bf0d53b027c9a5aa97811622bf95fa159cd6aa409d792f6bf85af8aaf14f38c0ea6b05306f4bcdaeb8251da7a039fa0d272319dea6388d78fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e0

Filesize
19KB

MD5
9554f25755d9cb6249900b71e91b7693

SHA1
64c1d5c34a37cfef01d4666bb33484333118326a

SHA256
cf15bff0f8ff136425f5dc2fe81e66574c3d7a3e3d8c492701efb6f703d53d34

SHA512
17552b530dc16c6272b02983f433241e73c14b2fd481a824c6fd45de7e350d1d10cc023b5136314aeda4e6a8a0309adce3514aaed60e40b9200517e87f409213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e1

Filesize
41KB

MD5
259d522a263264a2c391e44f089d3e1f

SHA1
9ab62b2da869ca14938c95951f6268e5167b3a84

SHA256
7080cccb4adc91c5f7cecb2fc2a76fc3b14e27d37a6a2b34bd3184ac41233ca4

SHA512
dad1688f485b88ea4f84f5e97fef9cdd802728839a518ab89315c4927e286531da8e922de0095ffd93d36fc7342f8c5458d06c74d63ba0b7e1f2547b72c2837d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e2

Filesize
150KB

MD5
c45a56a4e95904691e24e3a7a67b8484

SHA1
511366ffc5944dd8fdb435ac8ba2fbabf71ac246

SHA256
cbb5049d0ea14c0cf2b8b84d0090e8fde218a3eeaded4fd01bdf8f42ec2e82dc

SHA512
06cd3685dc33bd386493e1a5fc7d8b2b20a0d641931851b36279e9bf3d881dcafa1e28234a774de06e5a355dd55deb882e1801990cd7a9fc665de4b50f4df578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e3

Filesize
24KB

MD5
e0b66abd08331c9af1034ce915a5e1c7

SHA1
3010e55c0566a30cb0c71d6a182e09af7df3cbc1

SHA256
15442d410e832f6d63c620956d87b7c50346fa6b6e6ba233052d2785ecb5212b

SHA512
25f553bda1bd5ddfa028b708260c4b98675fd6f199495374051e74c955c56c80fbfbf2ed40d11e8a136e4aa6c1a3f25895712c03065b539f742c5a031efe54c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e4

Filesize
277KB

MD5
e2cbf28433174a8d07d9b8d6765a2152

SHA1
806490e39434901da864813aabb6555eb04d1ad7

SHA256
c8a2994e9814f263be9cc6e84b163c80d3e84b8b26125f2301e25f8a7cee4373

SHA512
a72e7746fa29ce507cfbb63142b49bc246028e6193b55771a04288592650626e643362df91f2fff783bf3ca8060b4b56ab6dcf221af5beefedfc46a4538bc2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e5

Filesize
157KB

MD5
1d7363064d454b57f9c84df28f566ce7

SHA1
773b8a0f0c6cbda10b0c2ba62fb53d323946e311

SHA256
f2f4d59a808653e110b074ab0dc600b249e7451cc609eeeff3efda1e32ccf7d8

SHA512
f8a9e4c39d6c3e12ad9d01db9c0318fcb82b5dbe97b57ca6576a482ce157f456786752825e397122ea45fbce77e6c3cf62a2671c1973e40dcbf3cf26852cd49c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e6

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e8

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e9

Filesize
131KB

MD5
ed96af112ae58cc87d257e3a15a15058

SHA1
2fb2963ca13d8e2dff6bc71e9ead9b0fdc686cd0

SHA256
fc76b07c4a37f312ff1883efefc994e48bfc407942abbe823d665d46c2a883d2

SHA512
16adb69862af3c24cbf37be97c366d441112222fb4f39938295e89cee92344914c346f5672d146a1edf0008eed491eb66cd91615318374a4a9e12598ee48224e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ea

Filesize
53KB

MD5
e5ecec12ee8b255b3ad47feaddfba831

SHA1
1e538a160ab4353e07a1e71b46db967faf8f1d79

SHA256
aec33c2a586f929b15340184d0bca7d43af51cca38183aaa11444cc1b8679be8

SHA512
e10fd728c2f9ca4e11edc1276dbbcaf811361b123e9e3c8e9138ffb80b05ea229d39963ecf08d1c4d52a33e61caa011a15751486ba4763de6c374210e9157fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000eb

Filesize
153KB

MD5
a3bc9deb2527b525db8107e82f1be2a2

SHA1
375882a59d7f9241f4b2c226be8ae00b6ef8c279

SHA256
7659dd297892ba665c843f026a7c9a998dfd713e48df8c793bd8abf3a7eee778

SHA512
bb829c663c7453dc1badef07641b839acefa4e9c19b56d8b6250419cfbae38c5c4b4090dd2a5c4a599a3a0e34f7d1e716364373a3249ab2763774d8b0e72e08d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ec

Filesize
52KB

MD5
0411bcc8b067ab27b63f27801ce02aae

SHA1
656af4bab2fa785ec3ecc59a1a5cb77aa830a681

SHA256
8feee999fc7d42dcbffe6c8eabb64cf7ea29cff7b803c1b9e6c8f678aa684a0a

SHA512
bbe280835988fe4185d1c396e86f35dcaa776d5498ed6f7385d1c73238bf7e19448a917d035b8a68efb6f42db4a80316dfdb6d6fd4ed30db621f1964d02f8b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ed

Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ee

Filesize
104KB

MD5
8e933cf7c65b6aba2bb96f2e3a81fd77

SHA1
c95013eca019f69aa8359a7599720cc24b5e423c

SHA256
ccac5cc49a7bafdfd3d2508783482da9a31f45517697e45b07ff52aa85793013

SHA512
d4e68359332535432c7906ed60e94883487241b8a157a8dee7aca4b036f5f4eeb2776fa4c1755041163a81cf47a6221518f46fa8fec5a454580cab2d2689f612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ef

Filesize
130KB

MD5
07247cbd12d4e4160efd413823d0def8

SHA1
517a80968aa295d0a700a338c22ba41e3a8b78a7

SHA256
41464efd9a32a5967b30addc21fe16cd0a35870fda56658b531a9a2434b4d829

SHA512
27e0e7505d41891e70bd06733f96e82e45061d621a1d20bbc524fc89c5406a799cf53d98c0fa256cb4ebfc19750c9a05531a8d273cebc260d48948edffdf6244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f0

Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f1

Filesize
130KB

MD5
eacc69b52736bf0b42b8fb546ec7509b

SHA1
48fc3bc87042c27da22d174ee1013bd81f8dec62

SHA256
fd7aa636c3e58e02482b1d9e0a12e71df4275a384794fc2d907d4873063f6028

SHA512
47230ce6d85064de3a5e139a604e7189ca0fe60e45a0e5cd0706a77f3e65c73ed2a71f11cc5f31e9ad85837dd4045c9ce232dadfc41d213a119c17689844fdf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f2

Filesize
75KB

MD5
5b25405c08afe3559c9d9f24c7337a5b

SHA1
8aff8aa21a3db87cba20195b6d1fc0c71b273e0a

SHA256
b326465678e1a6ed6dfdc4fc42fc721934265671b97c4b1888e8d40006c95aa4

SHA512
d42c307168b3b57dc78378bccc63921a822c436e8eb527f15c021ac5fe0be07dfefc6858235bda271732ea44973bcc4e5171d41be2cad8527388ce3bbf0f5c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f3

Filesize
29KB

MD5
7935d2be444c447fff4556b702c6c508

SHA1
f2ed4627b272b7ceba037b897c6ba0c2590d0b4f

SHA256
0544272f104800664f80fa84c77957e8c3944840a7e639f134dfc09ea97481b1

SHA512
fb61233169b44a5b0fce70fc09b90d097dbe173a5c4275f0cb4f6b5fe92074d2a47e2595a30c53a51b97b8c8582d3f84e41d4d8f7c0063cec43b2e3473f71e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f4

Filesize
54KB

MD5
fce8d1bcd4cc97b44eb979cafce57f4e

SHA1
3d355632d084d98d981fdefa7c7fb3f03acd45d2

SHA256
560a7138fa44392ff2912f29cde90cfc6f7611c4102b2a7c7569c5825e49a2b4

SHA512
304701346f9261cb27629f4446c6fbef2a875b7935a4359b0dbc9b6a6b6ac6217f2de63dde42d2d15bcf8b14f802e572b4178b743bfa55d0b81e7355d1f59338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f5

Filesize
27KB

MD5
882b9b9abe8f33015de41076c5050516

SHA1
b7ef1a0d85ebc0d6e26b603ed55e3b3d5815e3bc

SHA256
8e85c3b2152ee80058108aee48f360de91ec56d2195227cd229cab7b9a724adb

SHA512
5325df1bac69d14436b258b01e78e6496577f15b599fdf778b5ee3d714a3c9a0fe2fd49c461a5905003feafbd8dca45acda7b5152dbca6fe46702cbdf97d5f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f6

Filesize
137KB

MD5
6b5c68cdfb7f8742ef24e9309edb4ec7

SHA1
1f1997edef9ef29b7742c850b4c185fbc11304a4

SHA256
25ce66576b94cf6acceeace59e0666568268e4868c495b234d71a4a0ba0007a5

SHA512
0c17ff1797234fe3e051099ae7c0de11ddebff9f0d456b67e1bf7a380e1bdff2d0c462afc27417ac61981ead0e573c9dbb4e1000e4b1d0984516e527b935b150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f7

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f8

Filesize
22KB

MD5
48ed92e8e6b5a8574a1a50c7c8b6e49a

SHA1
36d5eab4bdc7fcab74d90e0706ee125148afd0f4

SHA256
ac70c68af081b6154d8d7911092295d211671fd4e9cb16f28f01199128733971

SHA512
c7f8513a469855fde7da6242a5719222fcf3cf64cc8c7d1af2a19bf19bb532b5578d5747007757a9b92516339d5a6dcee9ebf22c9419ff183ac655675d52d744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f9

Filesize
17KB

MD5
23a89d071088d693dc6986a70d7dabd0

SHA1
ab029c4b1b305ed7e7d46d2dd075fa2865eeb9a3

SHA256
02d22ca041a9307542d622192556b631f47d9fcac20a5508cbbe897785238be6

SHA512
81549908f9306af745308760c11047142e6f02f0bfd86ed7d65c782b4a9718283fdff317e060a7a699e9f4eb7a530ac5ac851cf00c1e8ea11c42e8a6ae938e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fa

Filesize
223KB

MD5
0b8c58364e4ed8d00d19ba50721697e5

SHA1
e4671ab35667d5d53852a1abf5b538b14da1b9ef

SHA256
c003288550623dad6548e16a4d6565df3e94034e379c961041bd215a34a59790

SHA512
2e1f0be0bc7aa1eb43338839cddad7ea8ad20d0fe5ed83deddd6ebf64b63e43512b795e3caa7e79e5148dd62a0fa2f2021ac67ad765e94c0003ba5c0819b9e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb

Filesize
67KB

MD5
136ca4c7b7f91f9beb50223270cb056f

SHA1
956bdb9b00132e26ef4a928b8ee80e306ee14c3e

SHA256
2f12b6b50dda3b77524c44e103675827986d8029f3c3f97ac5c4c1efaccc7181

SHA512
e423b5e0ca66db802ca31eefc9844b32e747b52f30a254023639ff460d24c6f2f8b67f157216c80f34f9f4463d52764f9f745c6244707e9e17e61ca9f08501d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc

Filesize
66KB

MD5
5a511bf9f1030cc5b678ed9cc30bf6e4

SHA1
b921c28fb28408b19aa5e1affbda24a85d88196e

SHA256
a895a9f985a39d9fb236380839b8e88d31c718ed3b5416e89369b22eda59faaa

SHA512
8a54df896436d195800ae92f17911f8cad061b3e1007ceef5821af8c184241ddb0be28e48b70d0ced77d7a6dd92c32d5d7a59c1d009035e470e8e4143a4d2a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fd

Filesize
61KB

MD5
671b245bca8426c1126464ad796f011b

SHA1
8b144392632ed79dd99b158e6d5887bdffcd6cad

SHA256
1e69c59cb4f50017891140226fe49c61ad2a82104acac7650b05c460c376c655

SHA512
5f6e18bd706fe703736a29f80b90dffd595c49c0e33fc7cbe1ab43973feb9c8697e5d83a4d2c981b95c951c8b5c1399f9a37b193bb916f94cd994f7463ee9631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fe

Filesize
70KB

MD5
02a0adb8033eacfb33fba9bb1b771b71

SHA1
be35a2af2aec81b8d1c7b091713446c841964948

SHA256
0fd28202e936544c1119cfcb0696ecc75576d64d7a12ac04912b9c9a1ad4612f

SHA512
37f93baafd7502d1143f98298d5e94225c4cfc4ec8347c23d3bacf11ba3817e3883dff5dc502ac25be0dcea2e534a29e2814e718540cbff2be38a5b9867fed67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ff

Filesize
53KB

MD5
355368c09ae89434b648d473ec54f5f4

SHA1
36ffe749e3c296d6e57da59f463cd2aa8f69b0d3

SHA256
af611344e2754103acef3e836d8cdfd1970391514324a3495cc04128cae9b672

SHA512
390540adb50f913669816189b8b215f76d005489e87d073132d4f958fed52c5d0a49590499a14fea6b2a1863efe7dfd4046a087e61661b9edf8805423021b22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000100

Filesize
39KB

MD5
693cd866c3df2da8759e145a304b8c57

SHA1
6bcd73f5a80defc71914893a8daa90f0f9e5b148

SHA256
8fa90d96e57af2f4b1fbeaa5cedab61d0a5fac5c701021dc2a48a4fddc19ba66

SHA512
c5fb6dae3ce7f194a7480d2c0e57028fb295c960dcef07cb00343cad92c09b6649dd58956084f654692f30ef9ed9706d594f5fe549b85a8b9961ea4900b86d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000102

Filesize
43KB

MD5
365ad72098b76df3d9c265cbc2e9493e

SHA1
1d5439a15adc3f32c7eb99fde49d0706dd94d135

SHA256
326d09694bcde25d0ba0ac668d8ded2e4ff4b99bd0d7895ada402cdbcc10d640

SHA512
cdcbca51aac7d61161dd61e97d099be5d36534600b1de60a157eba5eb5947424b46da305cde1f4c800cf5637d131191dbb4f3adc5eab427af09d57289566829e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103

Filesize
43KB

MD5
cdabd474931a8d901ad98061f9f0a627

SHA1
9557dc09078507d084881b2a2e1648bb98c28f4d

SHA256
8f18a87b5aba92a2367897f6c3957ebd0ae45f1142bda4b90bcd07719ff66c0b

SHA512
4ac53921b2fec8523cc6359bbcb403801b41565899b3ae3f5ff21b430da265b804fad4331e7c9c85af3678e0af64db92bad47328a097fd712adbcb9461339319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000105

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010d

Filesize
63KB

MD5
f6e4af37f54af02deaeb1620b6c71d1a

SHA1
acafe8ec4125aa2cde4add804e5f66207b066cdd

SHA256
eab6fdffbe18d62d1f7cde2f261d1c9d2f6e498475953cafa2017dee23b70998

SHA512
0bd974f51fa7729e11eb25a1120ab2628bb766a40aa596f45614b213d3a09bab0785d81891351d8b9a8efca358633588e0bb5b1cb40b1497afd46e22b9b98d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000114

Filesize
716KB

MD5
25081476466948e2df11adc8c9937804

SHA1
a8bb6209d8264de390513e4e44df781260ce6c32

SHA256
40d8df14959a05ab2648d03121318a336d5b346b997619dc4c76423317b04476

SHA512
9b274130212f0c07c1befbe3702febe0457faa5455a64455cb8f1372cd7108a6ab7d9192ca2f8fbf4cb121d826a345df7049cccbba28b848abc9fb9e3bf228d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000116

Filesize
499KB

MD5
d07fe0483acbc3805f1e48cb971c606d

SHA1
a8d9fcde781b5045cf6572297dab853097a2178d

SHA256
1b8a56da98c2552790865d9295586b5116c9f2f08cdf69bb4479432f249c6380

SHA512
03cf0c25ea172525572ce45687207854a3a5d9c7a69d44b2de295529da7205322846d611baf9f2dcaa48235796eeee4568439cc201ea9fdfd53cfb19f2001232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011a

Filesize
57KB

MD5
fa71619e27e34bbaaab7d4ee3c99a5e9

SHA1
9a718848dceb45399e0595bd2e1e4d526c05a8c6

SHA256
1c91151f4b0ad496ca85b4b9fdff8c353579f190e84c87a032e40e0ba7167036

SHA512
fa749772e80b161798d82f0fa062063998d8ef3c86d4d1b2a8b999aff6cb8136bcd15febd334af6a0b371d31a54abe3407e827d725f3b99ef473fe12274c3f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011b

Filesize
71KB

MD5
fc7c3e8b9b4e56192ae29a74e79eeae7

SHA1
f93768c993172aba43a7849f3656f1cc6f84bff0

SHA256
0db36678407aaf5cf67550b3ecfb00eb543e7bede3dd1a0fb6317c0b94492206

SHA512
ccbfd17e3b0588aa6c1ebc49353e0c1aa1cef068b1a0b5d62f5fbb6fb0427399f2b80a5dbf8ad7a1472c0d7d824dae07787dc787fa23fd5e13443aaf83a5666c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011c

Filesize
67KB

MD5
904b063c37f686681bae16749f381def

SHA1
bc166eb7515325832d1cc33cae7138d7fd9a81eb

SHA256
27fb49959b128e16003406f365db071e81ce1adc2094e8189545d800fbfc4804

SHA512
10b24e29e7ad42c23191d6eecc69ad80ec64aefd9fafc53005439cadff29702607cf78574fe0591abb1fbf57dcf03a33da06830945da3ad55766bf30a078a0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011d

Filesize
93KB

MD5
18924e536faa399d67b057027f000241

SHA1
a852be70d9930a6ff3f7e8c684747ad895028ecf

SHA256
dd8340273c916802b759312dd809a99231e30bfe715e0ac9dbed010a7b87ed61

SHA512
04f550829596def7ec74d9daa07609f8583c0afaff745c9494e843ca0f4099ebfe86247d1d3aa70d9d96feee3c6d0b8c80768259720e487f15a8cd4bdcfd7d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00012c

Filesize
962KB

MD5
98eaf699f517ff88bb2f595bddb2c5d8

SHA1
eae1d3e4c6e6a8f9636c0efb0a04ecbabe8b63ca

SHA256
7aa34824dbe8dbfd8011576a365dcd057127406d61702634d69f0240325cc582

SHA512
7d9623ca066012a200a01bf48e0617fcfb35cad0efff091bc3b7931e98b72b95df66205cfa904ae9b84d92c9fcea421b366d9ef3023c023488cdabf91b5ef8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000151

Filesize
30KB

MD5
ef3276cd5c9e34509793c65d89a052bf

SHA1
ca7fab6bd59916dfa44ab1ceacd0fbfa8c06ba68

SHA256
536518d022677549c401d2286846979a4114fcc57a5772b62ea3e7111fa541f4

SHA512
89f6b5b4f46051fb5966d6055d628d9879138acdf2691e87099404dbae1f2385e55550074a88de06821ef8ba014ebb17686db36f219b358dcb18d069d62101f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001cb

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001cd

Filesize
72KB

MD5
0eeeca9930513af1c5241b4e04e50bab

SHA1
15b02adb24b30de23e9b7068f49437a93b18d0fc

SHA256
b350cbd0a9344d96801e3a628f24296129835752a89487cd18844650b2b21022

SHA512
c24eaaf410badf59fa9349ce2d90e61f51ebb125fb3f7b8be783696deabde3f372c2f1f24d325f5525860a25b98d88f534580cbf3aa85683d40edf29fe0cb33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1bcd772dfad45640_0

Filesize
354B

MD5
a7c7f682d1168d480a0e8041d71cc08f

SHA1
4c82cd2de641c485f49db5511bf3412188312d96

SHA256
e655c26a269061a50f46f59b02bd1451063704544cf4a1cd3fc712bc80ca2fa2

SHA512
315cfb547222312c45f592af23c96b35912cf9a97e168e5f11f9fe7f12ce573f2e1622932435cae6d8fbb490e3ebe0e70f6233750b39ac2e6c70f7d30b3f6237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5929ecc3d500c691_0

Filesize
289B

MD5
66036d5c4cf8d4792578adc1fafc1382

SHA1
81ccbde39056a3f96521a8935cb4bd0f27914488

SHA256
ebe43b644a66bef2611f813725123aafaedddd05c2cc2dab5e568ac003321966

SHA512
3bda21195c9bdcdfc690579bc58c22f6d7540b769bbb5d5bf2cae03f05029db2da0c7f7c3019bb7d062bd99112119c770e9af7383e947465f2a6061cf7a1def6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\738184b4bb16e32c_0

Filesize
2KB

MD5
8e32be690235f1310f29d6fd2f730840

SHA1
a190c78f5a3f2b1f1e09d642c8fd9dc47b94a979

SHA256
d156389909bd040a68ec1a499a3228d8347e76c8140c4cd29be0b2c1d14f6794

SHA512
147d9c86c43913796b7bb21702fc5217928db2a83df47fbe54d587ad22da65d2a916d8668eec2e62f10c1094a74f99ab397fd7f1e20baaaeb9881251af58117f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\738184b4bb16e32c_0

Filesize
2KB

MD5
3c9be92453da05102e8487799270085d

SHA1
5dd8b7c405f9244025ac807d52049f3d6a5146dd

SHA256
13d543eaf61fdb1ae478a67ceab7a391bb08aa452f8e25c264895a344ff26220

SHA512
c14834249f5fbcbd6bd4f6ce6778cff4deb3c53a9e37cc307339d7733b5b7ec8b29632ddfa3016842b3a825c5761e114e70c14351db6e059c1158cea84af4167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eab402244d8fce26_0

Filesize
294KB

MD5
2ab8c4d004aa5b7e71a333087d91199a

SHA1
5d51f035995c2ab599079135caf58670b74d9900

SHA256
a8a8dabd2fa54e6199dd23e7217d1849920ecc67d66e1212149d8ce440b85826

SHA512
fbbbbd4d68ac1528eaa6d6005ead14000bd7770717085a732011f5dc3269b082628f156bfa6ae28da9b64958d901f7005c836e525974206864a05d9e324f0495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f66ebcfe242cd84a_0

Filesize
695KB

MD5
71941684dcb74066dbebbb14efb8ce8b

SHA1
75351195cd4d387d2255313bc087d8e0be2f809b

SHA256
a2176abffa58434f6f70bf306c86aedc81065bf932e1639e773de116b1337d31

SHA512
a6993077b6dfd7cb7efa6fc87c79e3edf5a587a41859911faf71f4ddd53471a02ffc56d847e42881004a67987711f9ff27a0c67cac0bb425552716df8e25fe61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
479d7807d067429bd1e310cccd4d3502

SHA1
d84aee2ab8d8c622783eda22036a07e9619af172

SHA256
153783ea5b28f37e53ef3c99cb594a7057e669f01c57af03fa54592996972cd7

SHA512
e3943c089c47cdd82d230ac9bb36e23bf13cbe5a77bcabdb795a0c20e38b69ca4cf938f0b8bfb8710dac9483a5951d693f96027698d7d5934615f1d89611c400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
e6fb8ccd7e108ddd56c372f7c7ce7b4d

SHA1
9db6d1e0394ae0017e11c71078b56e77ebfecec8

SHA256
b1c1d11c25d78f9ad94f8810d39bdbace9ef84ae8608a4a1faef9a7196190edc

SHA512
cbd8008fbb68dbdcae04272bdc57fca930dbfeb67a10578fa01f5a79d8fdb8b6ce0e16436c337f9a1e261f6166da068c88af7b9582e92d7a22658994ffaec391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
339d53f6a3161053236d5d5b256dd2a9

SHA1
6fcf7bdce1be46778c6080cc6fe9571c73735057

SHA256
f759b060bfb271d29adebfbab1fc17f08751f6b838f11f940f89967dcffeb902

SHA512
3d131eeca6bebfc0cdf9b202c8074769537ebf6528d317afea7a24489bcd8b9410232877e9923ff6bdcaf73a0070f6fa58c300f86ca87ebe85728cd65c665391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
d386b8293ff4fe669a18229b90e1fe31

SHA1
223cd90252c0850d1466135a92af97a35a314482

SHA256
68e81321a8075c54a6c73f48470121aab3a0bae0ed10b04519f9bbbf4c895113

SHA512
b9241b518bc3084dd3bf4f7f09f22ef646c1e3210727b4c49de318743766823aa2f54edf0fd31302da0b7cb442d23cb24f0c3899126467d3615ba6d34daa670b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
9f141d07abf920d738aa0963057cc02b

SHA1
7d2789b601d58f9ea331d49e4796818fc7806a79

SHA256
621892573faf3d2ff6bf78f7f203a4b76a56dbc60bb7b9eace76be1fff6daaf3

SHA512
530763eae0e2610fcc861a51a155fd8853993dda4df9a1c1c57184d82034a285e7c2a93978f7ad98afbf3b4587793476655fea90b257e93dcf14e80f7d52af47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
7d314744904c62e588f28d91ca2abcc5

SHA1
867cc1b0a13c6cd914fcf3b02eb60ca7d5f46167

SHA256
693b2ead339b16ea289872e6a468bff7de3fc1ed76e27eb9b164c1f068f31b4f

SHA512
cc79bbd6d93a2f66d24b59f8c011c2a88b501e4e28016e7f548ebf53af5c0ad71652e08bffc513e1f35f5abde7cfe803b48bede6977ce6ad5c20283ddb5fbd59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
49dbc5ca3aed88ff2343f884153014ce

SHA1
c50df37bdea52c3350f6858d284e122c07294017

SHA256
41a3a1f9405c12305676ee141c268f2f90ed87a5502c9ede686ee4cceed28d70

SHA512
8275017697ae0a06ddb4c4c573e53fc89f42f17a83dc44d686869f21178c9260eda5d7f826fead548e51fdca5f61e84497df0dc2cb50ec63e5a0a284153fa4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
42223361b53bc720e943dcdd81d2c4bc

SHA1
3bd11fc351e1606e8c5a1cbca65ae1ae31df97cc

SHA256
79ce559d27ebf5e8c58d373266d87731ec3c8618e0c5d8365afd839636d79bc8

SHA512
b4fd7ee57d5e56166e54c772ed0bc802562dbd4ddad84e4a21d3ee25c32f0d3340470dc5787ef9d037b98c1a9a6862d00464417765f5141c41cdec52941995e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
f3b5781850709f85acd33857b220245f

SHA1
c6eef274c3333444ca9804c55db69d65ede9f6e0

SHA256
c8b20ba78a2a34c3e4879332cca9be1af590ab17fc870c8b1bc55e27d06d0749

SHA512
af2fcfbf9d38569d4aba772b760ed50a5ba973ac43db23bdc06f3e1022306e1c7c4b9e4885b8488ae09ae6afb7608529a943cd3dc00c5daec1ad3f08f5c38596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
32bd28041f3de40d35aa41895206b5cc

SHA1
5bbaf602f6b55b229a2e99d0658e7c9a0e800010

SHA256
f9f1a8383f2448b787820edbec953e412ac4fc333f3c3518f76559fd5b51c847

SHA512
5034fa5dafdca6278143da874c38692202da19de64acdfba4d9fa1380e15de91ff8cb92150a947f96c23b0818f1ae886d184a2c7f262cfddd2dd822fac97823c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
9feb180d1ea1395e09ad0ffdf0517c90

SHA1
9378763ee95e8d9aa4211dd0bf20d88992aafea5

SHA256
35045fb4c5276627be48f418ea922c486ef84e13e70466f6419c66b672bb034b

SHA512
9fe42a6ccf4dad4961681331a4ad7d8b08cf9ea9393836580ca071150620f3a42e0a1695be1c030e26da8c8e1e589c750acee10ff8fe2793527a1e176ab299cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a4ce9.TMP

Filesize
4KB

MD5
bed47f6bac1a1c4577a57eb215101f5a

SHA1
f7e9c2eb1bbd23c2fbf25e0ba319cde34eced4c2

SHA256
110f8ff925713631768719ec18b4f2d3ceeefb7794e69795aaaa880e167e9514

SHA512
38e7695cbd46788df2b9c564584ffb8561677138c7f4f13f8728b56b00aec57d93a257ab37561eb7d9884308922e3e173112a6254dcf9bf749a7c1acf04481bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\000003.log

Filesize
21KB

MD5
58736b70a4cc95bc53191402623e3f86

SHA1
0b3aa52b3b0761e60c2b99ba4c88fc1924341c95

SHA256
af84f580dbbbb203f1b3b4aa7692e3dd7df4e099d833acfb1336b152beea1f56

SHA512
b197fd910a484306e50178a8b6f1f82e909c516ba9d018f037dc61a7d68b65452c16ce2b90c61867f222cad5688ccf0ddfb348136bf8ce5f072348b94460bec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9e085dbe719ca0c1ac2fed672000b80f

SHA1
87e2cf55163344f7b3b8b166aa4a56b9e8a54db7

SHA256
4232a03014ad03b3f6b9b35b7073334183fa7ad7d2102ed421bf28e4edd9b3fd

SHA512
096da58f9439f01910ad661b99cbd8b371bce4eef799a9be4b3ec89d552ac6a4fab6c2cc327740caaf6678f56efdf78af459d3bb852c447423177beeb897f4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8553a8178ccbe98e284d1bcf6ec59dfc

SHA1
3b97b81153ec87fac31b03e38bd7fce6fd8a4673

SHA256
bde2cdc998661bbc384b0cc3416cc159f38d4d5b0003147c101ad95784b62854

SHA512
60647a871691b1a6e891db04a8285011cf92636870c3ad1a3d149598257c124971839893e233001bc08b84d424fbc6a8cacfec3ac08886706ad15e1b076cb93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
99f9c339db6f78fc18d0673ac5b42e12

SHA1
4a656181f6ece6fd8d35a7c8f120f6750831cedb

SHA256
935b29aac29b51634e0bf576f3b212f46e4f12558c8e094316528f9e1c308d91

SHA512
37af7b840cf456f74d5b54dfd0e6f26f9f66c2de29ad9a8320ee579a844ae116e162c61b7732e41b012cc0e9e798605565c92423c192c825c4c9b1ba2d1a197d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
78a83bf03dc0111ba9cb6ee3b14c564d

SHA1
c54d8b019cf54f6325f29ad0272f1d2c0e32e278

SHA256
9d44d6b8ff5cf6c6f5f39d79fdb7a920c53e15c2c7d39743775f37b9d43d7252

SHA512
4bfa03b810a01f3befe8a2c20bf9ebd4e9c91bf23165de1e1b9c2672a024efd8ad3a9a6b7a0ea3f24d0c0c45adf07c3ab3279f8d57d52204e8c2aa13b092287d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
620f3a123cee0dc89df86ea55983ed70

SHA1
b52e3f2687f0d024a797b18abe584abb53cfb3ad

SHA256
b3200e8c8011edf40163656c5d6fed3e40e07c8c205c185a09be50b418de5505

SHA512
7a1f7ce449955f69ffbe2971b6cf5017dbc6c687efd1511537da0baeb0c3a247e5c8c977b99fac4362c8a52f571ecc7ead57dc3326c6a96b013b1e178f0c9d7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
94e06453ca6d36c5865766b260b99f85

SHA1
dcaa4e78e3c2f965c55e4f10923b8ae73ec42a66

SHA256
e0bd787c379c77fb0780d3c749e3410520da264bec9e75439678da2b4f0f5d5e

SHA512
a1a6f13764d3d97623dfeeaf589c1a2352ad282d019bb2c97d292991de24094390a6bbc8bb2d1dc09da685390d69ac4d23f69f3f3f681a9263fecfbbb380e3b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8a2e2439ffd145895684c5f6ce7b33ca

SHA1
c4fb32182aea9ab4af6b40fa9f3611bddb29264e

SHA256
8729bcb25dd1168be1c4bf1bc282599ae9d07dd7234c5b75cc855e0e8cfc33a1

SHA512
50e6c09b5177bb0ebfae7a53aa95574289e3097ccacc1a114cc17a32ce9d388587eada155e438458acbaf154aea2c24725c99ecfac1796deeae9dbf78405c262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b53953f097d0636d3f52fe22e9c82a4b

SHA1
ecd7b58c7f755111df5386824ca9cda692315d92

SHA256
06f82ef6366fd2b03604e233ab0faf5d246d45b72e110ff1029f2320ca159ad5

SHA512
b31c735be8d3e3de9c325c0518b2b633ff5fed47c974515d46ebd62e132c2df45d85293ffb278cf46696ac55a587c763644072faf992021a24b23b6a5aeb400b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b5c6f961367302f1e6b80dd4c1146a51

SHA1
ab5f90f5eec3222ffd35f13652eaa56422afc6c6

SHA256
d216dd05daf809d16a620fa8e9452331de02692e392f161b1a545d6010fe3bdd

SHA512
b74e99afe77cd93dbd989bda2e3610627b72a0205be6ef9d7160ced825cbdf4d93b9758e61db6bc0a065149ef63104d213839b84197dcf7215f771c7a8c59174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5aa7cfd76d985cdedcf88959b5eb68bc

SHA1
9596268cdf825e57c77902a3d9dce7be49cd8361

SHA256
60431777186cc9cbffc4f42b07ee4f2fe8875c261d3ed1c44b4556a71b323d04

SHA512
ef6ecf75393d63bfbab57ccf99ddbcfcc64633881275401c9007e3d134e4a5896f4f9138f26642e58d92ffab7d2723886550ba7b1dab59b26221698759ae3ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
864e123365eda9da75bd7fae43a17cc0

SHA1
dc0e615d4d15df3e1309a3b02c1c0fe35bdf7f66

SHA256
8342a991bb8c7558ae962eed24f86a3c05acac2b038f5ac0386f2c54aa0b09a2

SHA512
c435909fe328ecc940837a6a593034ed6dc56877add8ce9a23c1de4ac90c51e00362b99c5e177f019c178ee980ec4c8adfea262ad494aa898d72b52cf81f41ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
31ea61f93af35a2986cd2627fbe67229

SHA1
b17e55f77e21b326fc8df5a4d23bccdca1daa422

SHA256
fd1a49f816d245b18437216cfa4d67dfe47b2ec3db4e314dd1bf0c06fde138bd

SHA512
7f8ecdee743202c381d0fffd028420e5681dfc6c29c028a1c777af8ea06615c972a94ccba8784aa4827b60ec6005ec2228d181d039e645e72ec41fe65c3e537f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7cbcbd13afad35ad417fb26363d8cf45

SHA1
4307130d827aa9b0ea1a0ee555fa820adf21130d

SHA256
909a9f7805d273dd943584f11d4cc5a9eab547bc4736b473c0593172f76c5c30

SHA512
bdc34a019beec0f068af010a52f922e2975a6ef6166070bae23d237cc59b5906a603ef33a19ecfbfa53576ea587243c54b5a9c875749c7cf6c4ad28c211cfe89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
53c1dfd21c6ea9bafb7ed0687c038be2

SHA1
3a0483621b36789a9a6a4498c8796a2067c5503f

SHA256
33e7cbbbb3d940e056c10956d17b3474041ed75ebc8d9754693cc9f8c737b1cb

SHA512
bbb81a86910b33abd0ef9018683dbf184c76ac9dbd67d70cb57ca5a14ee7878ae97ab2fd8745edf1ad47890b97aa2625583910d30a13d4412d995ef31e73ccf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
fb9fa53e6e23e58aba4f39b7cb67b2ef

SHA1
1fdf7288edd8a642e8798aa8ee8cfa6cffd2f3b4

SHA256
1f6599382537cc23521c419e097dc34f443bbe26c7f443210d5b4e806ee25828

SHA512
c1a141903197846c9ed14df1aeaa065435f2678dc85b601ce095b2f786a5fd6fd8337792bba03b54754a6a0905719bc77d02afe2b7b1f06b728b633a260acc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
7937f72ae1c9b61cc2d15895fa2da375

SHA1
131c68020a4a5de5d4f8bb178346625a10c2334b

SHA256
1367c20164a6ba1ac72c6311853f926e0079a1b775ec1090c1d38b64ca0b0b63

SHA512
8d31cdc4d4b8d829cd0814e8a45cc9a3e1bdbf2daa3d60748cbb6da74e41ef9d3a2bf12cb937515d664baa69d8e26b635f98a86418794d23d006b4fdbe66985d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
8d7e5a06916653e8f95a141e4ef63a9d

SHA1
69130f73db85332788e06151e2e46e008c1b20fe

SHA256
41d8a1bb4b8fa2ded4742ae9b2efcd3704ae81aa6cdffebb1fd73dc53c8c4824

SHA512
dff51dfdedb79a4c0cdbf1cdc5af6cdfe23778613ce7d6694290c4474cb848758c24e47ba1c8bf6669e53910197ca556cf2bd0d9a54c0a69209230fd794e77c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
6909162160dd91fa2c5b48107cc02cac

SHA1
1702481d6c660622be42f5151841759d5b1cb2f9

SHA256
4a009d485fc4ace60bb1340d69b3a13283a2d8fe9b32e54af19887b956612a50

SHA512
d0f6af0ebc100181fe3612442e9b75251524f501364388081acdeabf96c572200d87380d9c2873d25af53ffcae73b099462f1cd9e48d2fc6cafbd1f165f59bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
7de2c974666d4a10f788ebe36cab6388

SHA1
0bbdebb00b4f126eaff5315b455621172953775c

SHA256
24ee05bdc81e9c5f123561d9549820a39c8907d6d6c1a79a6f459fc77c4f41a1

SHA512
32cc7a8e9dcca5f142e7e4a26c3dcf37612ae13aec19e37b490b0d92d99fc7b0c0a3141a2b0f60bf4f8e5ea966424fc1515cc5e84a750e22776d9ca0980924dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
5f99099c942872a8c2b312309214d6e8

SHA1
689f6512149852e3eb045ef9e76f668bcd1de322

SHA256
717ecc80a420d6985c1c96e32635a323a18785b444fca7ad9d0942df1e214a8c

SHA512
a5544fa43a2d9c3bcd57788037be9d6b609e861349ddf8cb80f95745b2426e5b0415488d78c772deb165b20432e40924b148f546eafa24ec1231665eb27eaa60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
93e9d3707318c84b6544536186fd6d75

SHA1
f37c8cefd12c70afe3919b8fc85aad73a4b8d31e

SHA256
06fc5d48d83faff0ec1d01c40739c9e567acc77d06bda1f44620db1c052a3267

SHA512
5af3dfc2040d481d9bb27171571510a283705324c185b77b185e700c68e623078cfc663f742a2356fb8eecfa4cec7d62d26110698ec23cf3e166e6a9a5d24761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
329c505eef62bca1d681e87011efb54e

SHA1
6d8a36d6f4f7293729f0947792ab29533d903122

SHA256
1412d7987ef9653f36dd559ab2f63a6aa6f6c93fa1f309d1aafd024ff15a398c

SHA512
1ef60c2aff71a3e99d86d792d22c3112d2c0321b65345f9d452c9536fa6687b8663239238daf3df4451102f50d1c8ae7757d390a44bbcae8733237dfe73df698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
bc4f06390e84a48d88953682ddf84d33

SHA1
45442beb816b668f03b67baa0b53ddd93a7c39bb

SHA256
99cdac0c4ec11d8fa29850f200de372e80808980f5ffbe310260939e25f35bb0

SHA512
2713e8640a3d7c107f3a9dd2f641a616e50f33dcdc7b8870e07461e5d3c6219f3db2c1c5d459a0cbf3dbfe4c51c6235329a9149bc706e686cad77c609ba265cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\21cadfbf-a7e3-4662-88e0-29f664fa1dcc\index-dir\the-real-index

Filesize
2KB

MD5
1f53e9f89b87152a5282b297a270fc1c

SHA1
f842f2cb8d7eb12a9c47bea8339661c51d33fb1f

SHA256
fe655c8aae547d393f7fac4241d50685400643d0f1fa393e500f8ee510f2e72e

SHA512
0a85d557ded40a632306b2c015ddeef5ac2bfe06c157cf88399dd757b75f9fdea361e2e055b8efbb074f3f93b859625b0e283b324ca552de2667ee66a9458365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\21cadfbf-a7e3-4662-88e0-29f664fa1dcc\index-dir\the-real-index

Filesize
2KB

MD5
e56452ba33438b0f049ef9b272b98b9e

SHA1
883c97034ef0d0e837f8033b70277d0a6f6f9b73

SHA256
2b23a10933689e684f97766adeb171ae6752652080e0f904ad18285a5c93f6f0

SHA512
794558d85fdf754b344c02733e16729942217b61af60604b4a90f926680803c1f31edc8fdd1943016b3476405142edbe9357a7e118eb575c98eae3b6e0fd0ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\21cadfbf-a7e3-4662-88e0-29f664fa1dcc\index-dir\the-real-index~RFe592f05.TMP

Filesize
2KB

MD5
8d59a695e936c56ba7a840e3a995a4c2

SHA1
e1a7b4643486a61bd7831d25934f071fe0abd876

SHA256
622217211d9f507f37404c71db1d8c6a82dbba71ed3e77afc97feea87ba7a8b0

SHA512
b2a9e3eac122804e942ccc6cb4cd418f78d74fcf3eb1e003f30eca4f14421ac39195b785c02093fe19213eb2e267bcc372ccdc360ad0269c55adcaa61a4e1df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43747db4-ccac-4f0a-8815-c0493704951a\index-dir\the-real-index

Filesize
72B

MD5
7793434a7163d7a72f939dc24d4dd7ea

SHA1
7a5645b9a02d735bc83f0786dbd66104dd23c3da

SHA256
fcefab5231489ea3c840aecf6bade72136dafb085f9f12fdca110a744f768401

SHA512
051280021d43be24d70191f660542df68edd581742bfebbc008106df9769fff17f82e9c30f3d299cf4fc1dd00e00cad1947016eab53f4a2a1f24876b814e78a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43747db4-ccac-4f0a-8815-c0493704951a\index-dir\the-real-index

Filesize
72B

MD5
03bfe8925706bb7b82933b4056822a67

SHA1
27b9084e04ef2e41c93fd473f7fa1442c80a9b4a

SHA256
7617c96f201565e4ab7be1331522e63256124a5d2aeeb765cc5549dcd2782aa3

SHA512
bf750d3f5b09b48dd3a9ad9a77b55d8d52b97e53d7b0ca50d6113a3eef6c83b3f3bc7099e08407d9bc01ecf5abdb287bb18392bc286619be580cf51c9a0faf94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43747db4-ccac-4f0a-8815-c0493704951a\index-dir\the-real-index

Filesize
72B

MD5
41d441eed497a8cf9ba129c78df9ff8d

SHA1
5323ec0e112803420ab4f2a0349171219056f56b

SHA256
42a7f6dbe35aed6caeb5431bd7ceb11c6c0f5cff1d915a8e04fcfd83821a3151

SHA512
744a26b81861ba48bd3a5832cff66a029adb692c8b31dca0365343bf4e53008ee2a93bf27eea68c4f451f129cb60832b71bc48c0e99434c3ab38b37cc2d3b630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43747db4-ccac-4f0a-8815-c0493704951a\index-dir\the-real-index~RFe5d34ed.TMP

Filesize
48B

MD5
c34d48454c362f994d21e248d2547288

SHA1
4ad9fcb2364d7ed6b348aec23a67e9cf909d888e

SHA256
3fbcfec37ea4b45690244ab53b13bc2fb262cf69bebba6a8a436ff175f6e6b9b

SHA512
53af793b7178bff12080881eb2e8c9dfa8caf5511d03d263e1d3d784895d81cea98ddc8fcb0be6eb322b357b6aa50b36bc3828ac0a3981b341d605a20bc70b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43747db4-ccac-4f0a-8815-c0493704951a\index-dir\the-real-index~RFe622006.TMP

Filesize
72B

MD5
419bbf9fe2bec09c4993aa85ece5ae27

SHA1
26eb1d2847ebafe100d767f0f25ebb45c950a75b

SHA256
1f0f2a99044852a1c8f7d3d6d5c88aa92e1d31bde0c8933202764bacf50f6fc5

SHA512
ce2b4f5cd199cae907e37a30365697264092e6deba05e79fc903a5aed2988b624f30e3d2832ada6ab6ad8f56f9a0cbc42616686a933888d36ceb74253c336c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\9b40b849-ec21-401e-9046-473f6eb5b4a4\ee91b116cc2005be_0

Filesize
61KB

MD5
3813e8aa4946b3ee9d802d81947b5722

SHA1
a2e59af5305b10ddccccd74e0ffe6258a4b02a84

SHA256
86d7e0278a2ff5be2bc1bb480916e1a61f6936380ca4d0b76e7b34abddf8d016

SHA512
229b690748757804155719fef99533c27de4177da61eae87db7f837aecf6ba9fc88c459cb8e721ba72ffb7d1763968288cc935c52f6e752659f2569988a5c123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\9b40b849-ec21-401e-9046-473f6eb5b4a4\index-dir\the-real-index

Filesize
72B

MD5
3bad274f58b15359d9ea003997ffeaeb

SHA1
a839c0e9f98cf1b29552d08cea3f2077f92db40c

SHA256
e6a7ce6705cba1a32cdd1e3c80ab38602dc87a9ccb9f39be82384863caae67e4

SHA512
38aaf7d9e9e1ac0df4eab9415443b79ba354efa4971d3c160efc8051677a790104150cb6605954a2342cc85afdf2475a5cb7ef9ef24609ad371ab36d0e696efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\9b40b849-ec21-401e-9046-473f6eb5b4a4\index-dir\the-real-index

Filesize
72B

MD5
abe2973d0c416613e6724d2f23cf1c4d

SHA1
7a0dd0ab7677cf6d17031a6d1e54f9824b74b87e

SHA256
bf4f300e93dabac77d9ca3eca58462b37c48b566931052c5c0bce6ca88fc7a1b

SHA512
0cbf832863ef04074164a226149ac80ad30f1d266eec7e016c40e8b1a7f19c96cd255e94de26d20d6f22557ba13db263a95c37050dd796775276e2bc31b5ee06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\9b40b849-ec21-401e-9046-473f6eb5b4a4\index-dir\the-real-index

Filesize
72B

MD5
6adadade1910a914059bfe071a069b8a

SHA1
9e320bb8c264fbf4c72151c4e419e4ca08796d91

SHA256
3e137e87411eca5518a8a3268bffeab06d4aa23127a04a876ce8a5a5b99aa421

SHA512
efcca813d54e87ebac57775afc211d93ed4441a08b4bc46a7f8284be85a3ff105a0bb20c11c953e32cdeb703ecde69ba3f65cf2bc2a49041c7a28d8e409c373d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\9b40b849-ec21-401e-9046-473f6eb5b4a4\index-dir\the-real-index

Filesize
72B

MD5
621b18959ce7e262417bc42e1338ae05

SHA1
bab1eaddfe74f19784435784c1c6f6e5347a978b

SHA256
ff92b78a385ef1aef3451c960f385ee9b681a73c2638b4c2c22536251a5e3272

SHA512
5623cac497b55ee612a1ab59eb460cdb5b72d5dfbefe0aa93f6531c7b1ed09c8d826faf66d9ee6bfde396dd4f3477bbd9a9f0b82667c8a94f3d9214b058c282e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cb769349-99c7-450a-a291-832b2eac5054\index-dir\the-real-index

Filesize
72B

MD5
aa804efd6ecf4265ef84c9af2ee8a731

SHA1
a0f58aa5de582bd7c94a9d8e1d49c99f6df7627f

SHA256
cbaf7b03c1caffe236294f69d83445f33bbe0d89cb19f005f061aa069652e506

SHA512
6726aca85b11c1df3a061c0873eb835ccf2dcd70089f3d36bca3a8e40f009d5f30c8df2364b64b19ecd73b7702bd790b816e437a7d5e65ed6b34c919829a8ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cb769349-99c7-450a-a291-832b2eac5054\index-dir\the-real-index

Filesize
72B

MD5
6b7a1dfe8271bf547b03df53345d240f

SHA1
bd507d9e6730ed7b691fe2e7ae072eb809b45c97

SHA256
1221b7ed377f3fca323bb37e7d4a1a73713706a4081ea8e9a0bc9cae08a12dba

SHA512
5ec57aa68167f8f3ad7d02687d1b3f0ce0589b38d3c5e6cfa7939f9413a75918d6f95726767687339ac65fe725e5f7911084adc1c84f7baf236389edbdac344d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cb769349-99c7-450a-a291-832b2eac5054\index-dir\the-real-index

Filesize
72B

MD5
24c397e77259d116a8677c9c9262655c

SHA1
6b6a5c66f2431fdf9d860ce4a18487129e672984

SHA256
d938dac7eef2d080830c75c061f609390ca585df824393a1db5aa2c9e944c1c8

SHA512
3d7f723f52e2635b1f2ab4609d7a33f2e12b158ebb52841680f509ee2337f21d272dc9e37346c48fc066d619ee49ff3368cf1cb3962a6ca077a20edff262cd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\cb769349-99c7-450a-a291-832b2eac5054\index-dir\the-real-index~RFe621b14.TMP

Filesize
72B

MD5
3f7133f2076098647e6ca99333439219

SHA1
d5ce539b7aceb85cc779f4d606bd7a1f86d19223

SHA256
ca4b48805d345746ef28b53db6a344032b6de539ec780007e739b4ddd90ecc96

SHA512
9a38322fc93d906a4525c9fb57a0bf23dada63dc8894eee7573df22b305734a1fb21e7a76b310d906a7f1bb9c389cd57bd727df1dfef342ba809602a8e80b20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
31a95dfc771ab7a3fce5c57499120a41

SHA1
cd9ecd7f0219b2beee35505a77f011ba24a6dbc4

SHA256
5f24d633e88ce18d2bcb119a5f646efa6beafb193a33b5989624a3fe1a15575f

SHA512
4978d4c33d7e6cccfb95b93f8a59ce6f5504aa50920646eb44ab514fb2f541c4f833589ca3d1143e19672e13ce373c64ec646e2ab40cd0474e13df7712f63553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
9223a646b6b97610b5c1abcc32967acf

SHA1
1175dd2e61cb02d068277f949ecd6a75e0b66cf6

SHA256
3f4896bacb8928d101afce45fe44da5f04922ce502f4b8f61935662fb03508be

SHA512
c61d05c2868f1b39d5a5defa731f741316e9e6f60f050de13ce1a9ebe982f4f7feaba608c1ea6d31117702e5718fa8b0d445307fc7785e9dce87060be0292fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
00d3a1f715bf689206720c579133dc70

SHA1
ce52764c083506d1dcf0c714b1e34f2255e6b911

SHA256
01a2a512c981d1659062d5d8f5cc687bb7637d84c5da445ede9f0f5b3704239f

SHA512
778354a7e910728795fc4a200168cc52d5ac8a9d2374abba1ffb65a8d23cbaa262881f46030227193f823ee362b1ed42f992da44aabf1ae2d8bedb1abcc58c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
9d5cd0d184ed4107ed8d7dc56f0c3b71

SHA1
b8d611c9205b37ba60df40271fef6d223a387955

SHA256
6831b57a6689da36cd3e9886cf4ab2754d34475acb87a749997d6d4e256f5c7f

SHA512
7b519dceee48e1b4cb0cc8c5aa58550d2f58b83dfb4fddd540434eb3a6f22368746fc04fae41d0a9fe69716f25b84df753bf13d81ec597937be0789354f4d25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
8b5f8df81b7b5b2bf6c68841d960de5b

SHA1
edfd7a414f8e3e96e076098fd0cbdd13bf49da69

SHA256
1ab0bacbd6cdd2fed3fd55571f13f98545b9f0cd29db8962d748788281ccb2e3

SHA512
552a4083c442a7039cba7f414cd7a7c5867c8a8564363d257c0432b87af092b1889d3853ebb1574650da71fd33ce6798a416b20aa7cb6fd7082053bb92eb234b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7f2bb3795a7bbc7735977c181760f682

SHA1
edc71b49787130af31d679a48c4a436538c6708a

SHA256
5170e2468226ffe1b2588e96a3ce2c64a17c28c30c2e2e8073ccdf0921fd31d7

SHA512
d6c6dd94c4cc51f0850162734e845e1fc46a7356385c2f9ba499aa5e76780f9a9dc542a9fa7af73400b9ce05ebe4a9794952d093709f1730fa1f2e5049bda4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59838e.TMP

Filesize
48B

MD5
4c9705dba07c2389e24c4f812e845042

SHA1
a9c46a44e50d8b0877b9b6dd22d7f312251a3e89

SHA256
a4f96b9445dfdd00718b9b173a82c96c49ba101c7ff040246ede9835817618d4

SHA512
fbaf14887bab4d2cab2ea12422e3c3c6af67f4178d4c57a5c5aed70ef8b0caca8bc47bdaf129198d63c9db20320bb10f73cc07c767007dfd1044bc72bb7afae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
45742e13142308845fade60918d3c7ac

SHA1
6e517a20f87906d32bb4d840430df35d78505ba7

SHA256
156ce9f97e412c42af2c9435453ac1367f7fbff19ec626d81b40a695045b8827

SHA512
8adc309036d43125af8d9c11a614d50a55e526cc8f01ef2098a484fc06cb0dbf736be700231f51d30d09ed6abbcf04106ff2171192700aa02df1588fbd33bcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
13KB

MD5
cf9a0cd1d5f9c8cdeb87ef3f7d30d15c

SHA1
c543e62aab24c205db6014414161c13375e9a71c

SHA256
b24f36278e4c85a8fcd66021d48c69d6b07be605673e02f0fe185bf3319f47f4

SHA512
39ad5c5753e5398906b94ab039d2eae7fe420fe35a53f190bda84d4f9262f3b14841cdf4ec76cdbff6a4578a26ab1e6c4b11ba326ec8cc38a2e2904a6f2c0d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
462B

MD5
f9fc92d7565a78e2f65718aa1966e3f5

SHA1
4d2e1105d6c5ec895935ebcfeb5b9304379a3260

SHA256
5516bd621381ef827ab310de39d79e7842063433d717ad1d512b5a2f91ad6bb5

SHA512
e15d1d6adff07831b5eef903493d3ab5b4a57d592e6582d48df51d1ce3f78eb4301444a739f1b827a9eb008f919f18e909d00e27f80a4f33cc50f4217e43abed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
602912556e79d36cc6d8959fb7eec490

SHA1
7e2d881a6008c30f0a0eb53b6ca23e011025db20

SHA256
f27133542006df2771a2b614b7ea73757cb5480de20567f74e5015d62ad80d41

SHA512
f91db04f6d0bbcbecddb2d8f0f584358aff08b6b5f586ed25372c4cf12e612f369c1b6981d502a6505f06a37f8c50eb9f2656c47aecc72214d26b5c3e2d8dc4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
5867b0ce68313fbbb9597bf3992cafe0

SHA1
8b3f387081095cb4ad3e4a631a72860a4c93c44f

SHA256
8e4db145b06a736f80a21cdddb3f7884f1e9612be1d6a0f5ca105d94553853c8

SHA512
76ff3b71d8b9de03ae56be351b0a26bb184d94f7bf3b2f713e5d3f7380b2c20cdcec6d2c84061a710d2ca1ae03e0f06b64b76209e912c897df249ff83f7a38bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
462B

MD5
80a541fffdf15e85a44c057fee1d0ad9

SHA1
dd85c11a5be56926cc113dd7c954eb9b0f686ae3

SHA256
18f1b6c15d91bf9a403534575a43c91b263400af6427b064d9a507ebcbb4f20d

SHA512
158d19694b4417f120c8b50fa5402d62acaf4f8af9714feae4bb019ef2a4b61f0b967021dca857128ba1c11b01285b9b99626a29b8dcba47c64f6e820f10401d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
5fce29a1246e63a9bef790895c990463

SHA1
5ce23034d18563d775faab6c2a87cb5fe83bf59b

SHA256
f5aa4991f674d8d20d21f65c2e3c30b4e6668c7d5ea26d57a8af83f9ca83c988

SHA512
429295df034afcf2bd5948731a9584c306b0cd5bbc838600c56834dd7f5bc6f146ca037810665463f2a0a8845b7ff50849220602997c4e7ad65e169d31656741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.38.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
7e5fa4ed6aa17f661f32f60b1528b8cb

SHA1
fb8fde8a15183eabc587e9e141499564c36e73bc

SHA256
5699c475bac8a24c856db71228628d0cfe1a6ba6b1c6be6a14e73d6aa835cd28

SHA512
18968db3a1cd8704ec7e9e619dd025c457085e81c27ffd3ab4af707a2daf8e870790175d93a0e6992181187a62bfa19b818c262bb0a1514ac15b3598a7e91551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-stable.json

Filesize
81KB

MD5
05f65948a88bd669597fc3b4e225ecae

SHA1
5397b14065e49ff908c66c51fc09f53fff7caed7

SHA256
0e329e63d8457bef61d0986a521f81d747a09dadf3b1136f2011942ba14d9fc0

SHA512
ed7b767a741d18c0dd35e0311db752120e0f090d39ef976d541cbc5ae78fa32655cb3f9c27cddef6ca8091ca8bf31513254a748bc8b95353897f6198a667cf58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18347.18346.65\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
ebfc16d52469e09c1907248719ef68fe

SHA1
880da3df52e2d129d1931fd0cb39d0123ff7f184

SHA256
72d8a45190b036eca35a51b7a6829103c272a00fcaa1aa013355ff2aaec7094a

SHA512
1abe28110b57d42a338d6969e8d2b0315f62edff19187e54ec9e27b3f7f247af11f7e605f339216f3af387a5ec5a878272c3818fd6a614c99f57cce43e117e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f3032cdb32c86e833d8ba3111a64fa50

SHA1
9ebb8c14c40dcb75cfd34dfb4f7a8bb31f5129dc

SHA256
a34ec9c91cd85b2787f4f3ae7472b9fef2b1f5eddcd2febe653bc99ee983e654

SHA512
13b53fb00253a7ee93fab822dda44edd5afdc8ad9e6ffb672723ff28592a415fb07047fe87f0f1682be591f4f64a562a8da731fa7447ae5dd30ca8ff981ccd27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
61KB

MD5
d08b21d0fc945f0a8f4f13f29614fd12

SHA1
2aee42dbfe0c219da811ade9f85001c6b749053d

SHA256
4e32dee52ee2ed348032159b9b904a03afdb21524f8683efe51046d239e4a164

SHA512
522229ad26229c03a179742fadb97b47ce361905a9eaf7dbda777844598540b0f0a4b58234f351817c405bf62b641007e20f97c5a48eacdf84613f3c95df12d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
d127184630bf309e3ccbbe3f42c88912

SHA1
ed2b0f489f2d608d4f29de17a5cbeb1a3183164b

SHA256
79d7ba5098c0d17622392176a9cb63a0710ee33355162708f61a55d40400e999

SHA512
0bf23b75f7a56c0b49d9aaa33c93ef57a28c5eaa25cf0de735a2bb9246158834c39d7795a5d0760fb4bf3a92fb4a036bb0de074be2cc522f74e4b43b6f416bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
ef16b1b61fb461bb93750c5f52f1b9e4

SHA1
e4731df85b20ea3d1b3f7be8ec70c660c46bc4ad

SHA256
5288f164822db886fbec4f1c6a7ba61e68f852c03e7b071a8d41f3ede084c79b

SHA512
27856a9b718d0e219dd9b3b863599bf8978039cc8ccc5018ea4578ce70b8207b5d241f043a92eb8842d7ae219459ab76956b8f5589a997f07c7c84f697d9595f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
25a462ec5a111d63cc69e24054f5040c

SHA1
cdc402884c31bf0a87ed82d12538809fa55a50eb

SHA256
810913893da20b7e6411c329f35be37d6bab9b76009cc2d461cd27665cd8a6f2

SHA512
0879439893e03252e502f4a28a3ae8182e2369d2cdc29bedb97fee936ee6b595ee29a8e88ec2daeedcd6f920e56a5dfad3475072ba41a5b611498eeda143e5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
81a80773eef3c1fc5eaa67f5dc9623a5

SHA1
04a9e089734a8142769fa82b8721d374be2300c2

SHA256
c5ee75c8ca0a44ffda0e26cddc6764b3ca29444e593950b72088013b5ac231e7

SHA512
453a76c2cc3f3bd45277c4121fe1f096828826073378afee141b2f8b4c52367608e5d38f904c905c96e54ba342a12cb232744d847d9851c3479297171cdd7d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
1b5577d64875577fab47021ebfd09409

SHA1
2c7843bb4ec553cbd117707995b5f6ea5391d1c5

SHA256
96dfa99af33017bba0ca20cb9e585c5c3dfaa60000a37d59c94da05251b8b8ff

SHA512
66adbdb509acd03c0903a1ad4bdb70edee09d1b2a1be6bbb2c7aa4e36d8010ea7b1d405f97daaf54a42cbb95e015b36f6e75effd86cc83115721a225ffb45fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
0e5688762260ad8b4f7b9823499bec05

SHA1
79455874742019a7f7cbd5bb16c05a2ac5b2bd71

SHA256
fc33008846fac4db05c6b0060fa8adfd607a85374e9dab8641311a51111b8ca5

SHA512
cd7a31cfdbca496603ce99db50737698ca7210e3a138b0b193f1ba65b2673cb6b2ea0a06fd22f1a5367b05fcf1038764bd08aabc42821233614057e697d995b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
f2de049f82bdaae8af40ee8eb5fa085c

SHA1
6ebb3fdf7f600eb3f3c5202392d2333c8c054c3f

SHA256
6619ae88120c2a2f8a56268934e8beed3944bf380933fe7baea3c643fb65cfc2

SHA512
c902313b13e1f649c312555863b0be29ac210fc5e12c1c9f46711c13e76963a51d3db9b937be2c0da392c9dcb562c180c718440f91870b76263ee6df3939892f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
29726b8cd900fb70943e0508bf2235e3

SHA1
5bf03f5aa93a835cf7c0a2b223256f4802f2b23c

SHA256
396e9daecf56c8343659790e3b374668d3c84cd91ef16015332e968a1bc112c9

SHA512
58fe52e768504fd6cc5929a40d9e16e90733fcad369d50a425bc16c34ed72dfa3a0718aa6a55c43d3830997bcf0b82647f7977408f666e965b45fdc309f6aa42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
f1e885f86fec4f2f5853f42e04ac5932

SHA1
53411f64653991da1b4777456cee1907aefbad11

SHA256
25b319ee11de566121b6dacf36d46ce9af7e6b8559bcc041412e5d11699f4545

SHA512
2cebfe195c8c336a498e45112fd6156137e6354e7838a5c698601f900beca2f36e5bea9a75f83f9af41b086d069a437f7caab159c5b8b228704ef7611714567d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
63de0523132fa9ab261b79d3b78e17f9

SHA1
bd2d8431ad1b28f972a36d58edf1d0d46aabae65

SHA256
388b824f1198da4311e96ba682b341125abf02445eb44584e1b7b2e100e7730f

SHA512
06bb0192c15ed9a9a1119d8e3c1deb6eb0a4a3a15e49f3d9b45fd864c2a936d36fc086da36f4ac98b55d11aa52e40b9fd3c492facf4c5b3dc786936913e36aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
61981e3052828773c43f4704a4f5fd34

SHA1
057f65a7ffaf28242c133294bda8b547c3d1d9c1

SHA256
ecc2d0ef728d22bb494ab80298772c3ab66f5ed1d3777311404584ca64e97665

SHA512
f73b679d4f071b0c8f5594efa4d8bb33dd7c8e4d91cb9f14d8cffe3b09972739d93c9d87035abec8ca7fb985d08c7fd41186c417c56804b1c8ae12a6bc8ceccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
63KB

MD5
ff4b54ed29c6a623c576de660ce50eba

SHA1
8f3d03f0364c4fa42a05cacfb67f31f29a570f77

SHA256
e74c54d0431e569c8e7e194d3459543d2ae14322deeb05f0fc8e451700fe748f

SHA512
82f43913b4d9a6bdcca2b5258f2d2dc8e477e675e4c44cc0e287a8787fb3eb7c774991a53b5f0b290c3ba32cde5c7b6181e0a2957b8b675222bdc4b073247aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
f17d29da934303badff0b6af62d687e9

SHA1
4ad2134fc9a524fe3ecc6dafa64d71be7fbf61bf

SHA256
1179a5c16a242bc7e4971f5a2cda7d1148ff768f37d4b438d921113ed5b865d1

SHA512
b0ceb25cbbcd778d5a58955b044e42b003e2d53091b23fe9eeb7ac75d6fd913739134c985b1e2f9918f4f7182f0eb0bfa9de62c67099085c2d6aca94b7fb55bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
fde319b725e6ededbf72bca1203a3114

SHA1
4b002794a48f501b4f6be70c1adf426c79190a96

SHA256
f9756c1cc88453fb1e9018e731850ec659de873671ba529464b077dd27bb1d33

SHA512
41c54a64651297aaa41645aa3c1c753ed4ca52310d51183d47f985674b64e2fd803c3b32e9e93930845ea3c9b3f21f258a9ae8e9016503bd695c74fc7619a419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
61KB

MD5
f1461d38c1179a83354a2cc40c0c08ba

SHA1
a4d5878c9de9166c097b08243002a0fd20462df9

SHA256
df7bedc5c69c8d49109946e98324b170cfe01f733275d79150388632e12f4dea

SHA512
50223f7a2088c4998fc9138b0d083ab14fe346be95e786a720ffedb81a2eb206a8d58b5cad716c679c3df053f03340d67ffacebde01f5024645e7b4d3721a191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
c0047d18b3770a5920930607e05634ca

SHA1
53b4dec2b4ec85581d41872b1b0b4cf1992c9240

SHA256
f686be84efd9afac9e2524e72460ed68c132ea30e98355db4714959fb1cde87f

SHA512
b9036358b28233262a9df09e2151f28ecc5105748654a72537922123cea51d3f380c9df54c2d6f1301564073288a644acc1555a89f05d451bde7b9bc88c293a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
0be5140ecaa94481f6d887f5a14031df

SHA1
41c126d812de036d50fc3b57418e94f82b09b77f

SHA256
54479fa09b6a4c6cf7cb6b10c7fd597b8ec5722d5f4b5621a876a208cdf6388b

SHA512
f8a66bcbd569b966941ea285b6d341f3bcb4575734d3c741b6ebbe1f1d89893637c7fe848e1ebbdaf5735d4054da7fce6403d937daa2dde208bdf0e8875b6fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
53d35363f91e11d3ebb786b353f2454c

SHA1
bb24a92df93c70425c23c201d6c1097dfc4b367b

SHA256
9e28ff4a19a3bfa53009af66a710ff04dee58bfb25b880f2d883e40f680e808b

SHA512
e835742d35ab63c1e97ec7a018f42aafb270fc1d1426d65fabd481ca13c9089842998bdfde8534f4a10fc0cbe5da77acfd6261da0f84bc38e98a1d7d3eae6679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
ea9b6e80cacbfec49ea71a985aa200e1

SHA1
03a65a30edf06b349a9a3ddaf4383f44553a11e0

SHA256
a94056d735f9ef33d8fb0e60d2e7b9e8e0f1b9b6371552b6521d7f14e72b3409

SHA512
674eb75d898da6adfc7a35702e38c266777bee4205f35847c1dbc2b903f85e0261222908be5cf0c4471305002770c398cf8dad883835a7103d79faf56d9c758d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
a540c511e04f146415907f58da12c982

SHA1
55f28457a513ec90361521c9b6dd2b7f1a94e2fa

SHA256
0d30d8c82def7ccaaaed5e1aa29322629e3d5132015275b76867c676fde985bd

SHA512
4005288eeee1270dfd417ed7347e033427d2d098d8a06f711b5069b110a2205ea4187c228a1b7d4dbeb5e759a6bc5c62fe66c9d17e1d7e6fc4810eaef9d7f2ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
84d570d0905b003ac9b20259a843d544

SHA1
42a9f7481624250046bc2c346c2e8cb87e0e4769

SHA256
566e5ea9182e540e4bbf348a74b1935ee876754b5081d1904418387b11308395

SHA512
7da0752604e3a84dcb18db064e0df1ce8343ecd52ce8915593c65df4ff394de02461fb5c13bb6dee001bc1982be86fe8be8a6843829e8de318ec72879a2204ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
dab00cd9fae1ff158c36ea4cb92da739

SHA1
82de33b6af5a8d68b97f737b5bf236a515b992bf

SHA256
cb5b6c0251eee6e877bb8dbcabe0326d293808b15f9727b5a232381385933137

SHA512
07653490dfef34f9a813437e814cdc67c658d1a0ccd05b8722551e7ef312b441bed98c746167f3aca1434960b4e1db5897cce7b862188cc5c71e7b15c5883123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
8f36654b8722594877355e238b196f22

SHA1
ad43851c726c97cd5de348fd13ce63237e221dcc

SHA256
3ca604a182792794c75ddcc9fccf1ee904b5ebaeeeb5349e5d24cedd1dd85d74

SHA512
400fef8f5cda05d2f53ecff176d497aedeeef8f839868e1215b4787a10a524212c2c774be46a575863ee79c3a3caa3772f1132ef99f0f594ec1d19c832849912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
5da5da89ecf2c8d82150b44cb6cb6892

SHA1
6df31103179ae64ff369ba43a322ee19704288ef

SHA256
1a51174123b38ad24f1fa0d3133c37ba16271000db352df8af43914f8c98684e

SHA512
de67814cb8bc789fc8dfe4f07b5fcb1ea96aebe09dec5e38fcd504d4f20da10a2b136d38194b7e927ce59203b8903b78da3facce74a8c2d03f321ed4e76669d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
9b78c252927e88bae63704dcd84a0afa

SHA1
4bf731b03378f97190b6d453fe650501d3a12b3b

SHA256
58ce2bf00b747fb3249629a645215eb4ab9d0aa88236fd331a9a28340b650411

SHA512
64927da6b524575714e347e60953a1d57d0f822f492950b36405faa4d22d5e2f8990d957ad584fecd90d7a57c428ad1f081de3c656cb7a3c3fee09368b75b9b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
2538712762c6f4f7a7d7f87ba91b8820

SHA1
61742e5b2e1ec41147c52d7b0d431c77f7e3b31f

SHA256
8db55c54d940dfcc6fae3e6fdc25effbf5d5d22a9bf8c2fb5c07cc3d51454a73

SHA512
05600fffb0088aea1a8e15eb949b1aa8fd9cbff59b7da8fd701859696bfc90710b47d7864f6e424687a98e52eafbaa59f4e2a8e6dabbe93b14356eedc5e083e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
0073c976283ae7f3476b7170516a9478

SHA1
d6ff914c17c3b108f035d8b3501f1f26bf578fd7

SHA256
57bde95d75b162419aa15bb44adb8ff86aecfc2948b14e12e67b1000ab2caf48

SHA512
eb1d78d9c3a605d9428ba9827ff01d95a919645855d8611213e6a3415ce70df4146293eb6cdbac87225dab0c43a52fa2935bc4e8f9a5926d6ea82e73405fccdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
4afc0cdcf01d0d5e3bc6335de3f6a849

SHA1
6547fec44b5690e629cb743e399ccd8bfc5fa7e0

SHA256
a649c68180f2f8741d3dfb48264b122b8e225d28a42f4915e8eb3f66013f50ec

SHA512
f8e1a6a197cb33310657d9da54dbac4b2e38b01ade19bf76b4abb9f05ab1b5586985078b1167b94f8e36caf3f1c4171b1e13b2189d9199b6071858c53a5aa9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
37537a163acd3738dc7c003fadc4e45b

SHA1
9409b055a384702074c4e5adf3eebe45b06b47ac

SHA256
659acfcd25a948594392a7eb20039449ea0edd030201592eeef6c46887c04cc9

SHA512
a799b01edcede6d596c737c0330924adc55660300a49b7a480bce3916f33b6b714e0749a5b3644283f3bcd32ab18023c95c6e2d5d79536cd99ca5ff19149a6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
b1fce8e13d8766f4fdfd733df94653de

SHA1
09f21e680e92f0d1005d9949ded1a6e5a0987fb2

SHA256
35d0d85109d147f22d8f3f2318527dac7c4e1543bf51c4905703b2f882349f42

SHA512
d318d4cf712311c0d8d2d353bfed0c03b2449a689e65ffd9330ac15ef16243a8bb8782e4dc7782c60d964ac7e7f26afcb4a158003518f443378d114b37339c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
1e0f8f3cec74fcefaa6e8fff383c3f6a

SHA1
f488bc5a633dc5ba92375776823a62def8933890

SHA256
5cda7b238eba60049325077add4266241b6e691db8af5520c352de5deea53ec2

SHA512
ed51a44b54e575ab706715eb2224b217050ff425b90f03e0e18f5c0e308ceed9fc1071749c32b63cfdd4bd705bbb25e0a6c9474b89e0a97546dda50d20f194bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
76f13ace5a1b59ff1c82ba577d7fcb77

SHA1
c0638054f1d1375d1fa226dbc6abb56e02481485

SHA256
98494a55520c825b7c8970c45827da6c87fc812b461868913c8a95c6ee9f4ba1

SHA512
0a0f55a8cf2a9ed8f0500fb0b988c6b4f7672c71e7ed4a0f28b9aa634e79d19a9ab3df9f8ad933d958fc2cfc7dbc83db768a229347e9abe472b011c537249de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
585c09e3088230531647b6db37406f4f

SHA1
ec9b46dedd5fdb50cc767b31ad825f954e3b3777

SHA256
0404859ac79313c4261e3f333c04d2dce5337ad4b31d153878f5d7778749eec3

SHA512
eb6636c2b102a5e3c7af2fa57c95528b76ea9c559b50fdd51ae0483941bf68608f47c5438e757ce19dd868b17f392966e63667b4abb11b2ad34c2f3aeb269354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8101e45f55d248efd5777d6af8cf56cb

SHA1
ce163f1f0127c483f449cc21ce8728b9972a5bd6

SHA256
54fd92b39a432dc562d6f5c8c5fb46e6984d9743a917eaccdaa5e35026a0b38a

SHA512
e8d39c5a24476082e6794a7a8d89bfad97b0461bc55734f3fb68cb8ed0aa2398a650f7549e0ea60c175c3fc524764ccff24e47177e2cbbf4bae4d568092de76e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a98551f41809facaba58cd47f56b60c0

SHA1
a2b6fc4e65d6b8fe5b1317d6a5866a4a9d8e2ccc

SHA256
5a67f62ebd084a027f2fd4c10d6f6069b1bfd5bace295d81d344f771228d9f87

SHA512
422ccf72d1744aa062f74b03603220e2b0f5bc126f44a3e3698e7843c4e6f87528cf8d246422767aa93b0797a45943de0235e59bdd587249b23678c070108b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
ee54941842a6ba8c6171372f12776b1c

SHA1
6cddc0bacb17c885fcd599afbd0c5ecd7f487379

SHA256
4ba9a7c27b43bbda2defe59d5372faec131e947ab4923aeb6e09af043191ce6c

SHA512
9fbd083841d488c4b389b1f8721c5adf013820a6fe01d33cf5739a746f0c3916aedb70fa71c23f40cfefa953b524809f3170bc807d830be374155d81238a16bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0fb9b8c5c6aa32976540ed9289d58a63

SHA1
e2297b3ba20551aca235dec08c4efe7e7972f2de

SHA256
8aba46ede912ab2bbb39c6cdeeaaa50e355981c24d90aa1600ff056decb0bd26

SHA512
c39606f19aed47dd9ea14f22f7dba21164e1fc03265de81ba68e6572870f3bc701e4bb6f9352c3f5d9eb1ad54082986bd9d00cbf32f519ab0be595b761acb1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
42dd61e58defef79fe16b3f89dd7f438

SHA1
95b4c19346c4115578438e7351a0c1378d70ebd3

SHA256
4276de9125518a5331f4d8c15debdf2219a77b91a3362f8d6ab76d4147d3a185

SHA512
56a41885709095e7448b8e7de2b73067e575184075d733dad8b74700c6134bc51e4e5e41e092049f457905dbdf47e784034209462fcda56b298387db713f9e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
5c3770c93ebc16134fb86a7e45b3bac1

SHA1
a3c5c403dd9b4de6d4732493ad5f6557db0c27d7

SHA256
7f63a2989c57c6f48e50b26e59c3be9f2002c51fa96cbfeda797ef281824c955

SHA512
d04702639d65f915bcc6681df2b3e52e687909597e31950f633ea93edac8478f94b04d9b020b069f523721f2ca313949065e8ff9bcfb46cdc87a765126de551b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
e40dfb07663856cba67f17280f229a2f

SHA1
9a731534fbbabd014e6eea8999223685bb4683a6

SHA256
be7e44324be773ad10603d2bd6c06b80596863c2ce8bc7d09f4a8e2f051293b7

SHA512
4dc813c597d9ad3bafe91ca77dfc23ec1acf8c0185808ca3e9f3bdb941b7a99ccddc6ac92d4086f3dee4bc8bf9872317a16e4d16dcb5761686ed829f30e57104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a7d1456c446b3202e6623d317adcfc27

SHA1
3fcf2a7b700cf03141284c2a4c8777a3a6570c52

SHA256
7c762cd19d4981c97f9015344b403f66d16aab8c6ead11aa4d6bc116bc1fcc6b

SHA512
57809745426976d6315b3286f3179f84ef99b29c989d334a371f3ff98663786d4e3e981cebb23d55f7ccf38fa4232e0f51481c79e97c4428bd8906c22d57c3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
2e9b1223747030b6eb3fabf8633632cd

SHA1
ca8c498af3d4f6d5d9c71e83c3c6bd72f49bc0a6

SHA256
6449d065ed1c2e1c63e949d8198fb1dc01cfe10b03c349fe425bb67fb9d2cb07

SHA512
99de945d1c129be5d2cd1b8ee473274217a31af7905c348068654e94c0a7309424a1055c713e6181dca7b26907a8561844408bde76aebeed9d8f2c8cf89b570d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
252742d75f1258316d6dbe228fa7426b

SHA1
97f8006fa940d165990cd70a5bd0e0399ff18fe9

SHA256
440e5445f9e44146edb1c7a9e0de9c70d4de2258c79edad530cb11e05a058de8

SHA512
7af11bbe726ed11f3b44713cbf2e63e2740283b5e27f989bf336746f4f513ddff12367f3ed3e80c68d3cef25d2f6fb26cc282d41fdf31363e02d08ecb61d3e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
2ea185914c5bf3a60bbd12934c56d7dc

SHA1
f781f8e2555ca6ed83166c5d4508b3c337101a43

SHA256
99a249e04ca0486624209914a8e251c0cab331ff371493f9953569fd7491d0ef

SHA512
70e272be0860d4625781e634c9f903dc2e5354b3c7b56614d4f5a853d96388ccd2a9e436beb8af346ab70f7e75c1d281d735279933330f088de7e733450973a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
2ff1b7d80c1d206c6ca9cd4a2305800a

SHA1
0b74d46da9da004492dc915b1b6fd797fecbb0cf

SHA256
89505b03cf7a624c9288c82230ed8b4778166343b069103e7050ab137033b29a

SHA512
ac782f82dd71b266c57b4d56626b6cbcbde4d93265dbce03a3dbc0cd2d61e578475e6e3f1b5e9696d327505b9803d8b63e91d5c8633f857f5d688787fb5b24e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
fe5072ccc4a2b6de96e78a91b4bc8d6b

SHA1
f6561f8f5f72d950c77400819925896faf622de0

SHA256
b600a0a6159f0602dbec9de949d1626aaf68fbab7019589ab7939da7e51d8412

SHA512
6d79e1417c29335e5d412fdb562db9d16fd9b138b780d49123f9a5baa4f9588c6f35d1a90be8581b736ad94c9194b463c7e61e43790ff94cf08d0def4a1fb595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
afe9119cdaefe865df28b309a11c3752

SHA1
eafe899c9864e0a1358dee701a22ee131e435e6f

SHA256
053dd78e6f1a97a48e3a06cc9d644dcab60a91dbe3e2dd12eff03689da2e6215

SHA512
9a3a769a19ccec0a4822c60423f393cd321fa6e3f0c5c3e47dcb3439dfdb90e052a58e2f8c11ac0430056adbb0b37184bf431c0e8d1ed1a0aa3be002fcd228a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
d57f28b749dc9f94be7f46d33e4d465b

SHA1
39982de5b19df889d27ac4483fe371fb1df8bebe

SHA256
5d196b917f21d469490af9bd2c11744f77080086b21894e386401dc4da52ed7d

SHA512
ac5ed31fb315f5547a8d134569e74d556c6ee1f37f12874ea4b0cbbbc40f9d37701ffa529719aabc25894ecff8448743d2cd20e152b3bab4d0d759659b4968cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
793457cfc34f56f4f868a9fc8ba2869d

SHA1
99c105fdd8c2c4ac6131b8deceddc159a51280c0

SHA256
2704d9ec3de0a2a3966e061810099bb1870e6bcc586a83991599ab095315ff43

SHA512
71e8d17c04623735a00bc02ee52d7eafb477ad6ee6ea4b424b464303a43454e494a458434f68bb42e342912202c76b7c16ac889e03251e8d681176fd0cd0ef6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f30986c0b76b46283503f0063eeff02e

SHA1
b156a08084852e7a7d915b53c0b45ba3d955165b

SHA256
f2717c74c3fcad090d07a482dc98acfba2f4554f4609f6d8cf2ede653968c327

SHA512
a1d1ba30daffb378def7f599f0a5f9b63a7042d7f4a7e4c6783de54629c70bb40d774b8d05286800e489ad87e60a8010af3110c05df45ccd4c257d538204fa80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f6b7839329913800a64fbe8c72c61175

SHA1
84244478059e98cdce82f2610fe425242b42dcbd

SHA256
11edcbcdaec857650d7fa155053a47b288e9da5871b2c05589e7bdbe5bd0b243

SHA512
f135b0a6507108703bcdda19d05e43b0504544978763a1df2413ad68d859bf5e58a1ad430e8a0203933287da70901ed95365647c745b2292b498d5be2f9bdd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
defc0411a040e215a1e4eb347c2a197b

SHA1
e2fa641456618d73f7a0c83acbfd76df27ba0e62

SHA256
520713c979f8707fabe2b0b274e7490eb23270cca683823def8244ae27debeef

SHA512
ebf18550739bb40759b68a6ed4b9fd0da27855934b402b75ec162ad0009982863991cc3ef3d15028424164ddc84ca2e4b3933df8ffa7fbbef5ef495cb3882022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
9ffc4851db91f079370f59c99aa2764e

SHA1
9688c9c6ad037f0514d10b133f9a287b21e0cf3f

SHA256
bca8a7c0bd623762185f387382d0bb1df77f1e8c06f85fe7ed8f58fdf7fba97f

SHA512
d538ae8dc824751870a92d18807dd7ee5dc5187a344a9e5353bbe159e5ae7876365c35ad26973bc6dae7f6f8347b46ea615ddc8c9b46f9ad6e00e427920dc415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
6791fccf5d32dc31b9c7ca0e8851b091

SHA1
8a1694aaa87c98abc8ae44ac62347bea2a976411

SHA256
5732626473d24ec35cc9c488df9acc75284f2e265f9c3ee836b7008085c33cd6

SHA512
dec6d6b429f1091a2325da244eb8bbd08462aaa0e921dcad7cc2343a138f9d4de87feb852d6cf9a0322f511eaedf970679f19ac117b901e1b4c6c63810363828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f9b65ed3ebc96eb037080daf39ae18ed

SHA1
7e883680bc55c288361e987bd12131d97105ce20

SHA256
46b6d60d87ed248572883139b940a85e6adaa954154a7f0787e7e4b95f2c1e60

SHA512
e5436768b18157f1791002ee2b3e499176de90ed5653917704e67bbe34ff3740530366d14c1b497a2127c22fb5455bc949c6aff48df63ca17520422146c9bac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
fd94e9a7c37e259ac032d57e77374239

SHA1
7abdab83067fb9c2a163bc6a6d198d341efe8ff1

SHA256
65abe6796554011352bfda498ca6302ae720a6d4479777e8c667dd8716fa0397

SHA512
8c883a5b0c15308bdf255faa8b37a74c231e5ad4c0564172daf1e390af77b6b2810818b676179a0b448c4ea6b67dd7d2aac28cdc4655c2d5fc9de975abf3f78d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
b51882c18a8b3c2ff4b84e726f527a6c

SHA1
16c27023676b8cb0349c73a0d3d2d522e6cd3928

SHA256
5be175743834e0f2f92ce09689f09188f5ce4f695aecac6ff74ab36c18a04787

SHA512
4cf2ca31902357a0771b0c79af12b1eb3c136d1308573ca1f0fbf8d5599139935b7f294d10f1fc65959cda591e3ffdd37248254ea54814c671f3811e7032a6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
9191ffbd98ffc9ed935f480ac9d9b54d

SHA1
106b38f4032cfec7a97e966d659bce0a61dccb85

SHA256
769e5b948b35b29adabedcc3be8d44765ca58587f33803eb10f1010108f1a070

SHA512
da0d04e6bfa5a0e992c18988b099b78c0c91aff1b72be1d47486bef5952c1d6164938e1f3d2d9fcd39c89c95a8e05e74a30649382bb77a962e2b189f7302a26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f484d8fc8d52b6df4c560e79f501030a

SHA1
83bf52a6feda3c1a284c9b0fed183832fa69f426

SHA256
bcceb8f09931ab1f1c90469f770f403b016373604d875acbdd20a49f0574d257

SHA512
8a80225a403486672ba0354f9113a9d972aabb1d009745186cc1fb1a93535bc673c686b45e80fe142bc63866d86fa583ee9c706571bbd0ec0ba0e0d514328ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f8a4927e2b520b5a4f5844e676da273f

SHA1
59f601d50fad607b518e41bb819d404c02c27ad4

SHA256
8d809e210bd4d85835502f300d158960ff2c8087e35a7d667ed7ee380d95002a

SHA512
abf9cef8600ad04265dab3d058e886eee37a7876d2b44e0ccfc45dc60594a77c5771553695ac9ace7008cec8e1cab1e90e9aa00b821aab68e4cea709eadb91a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c9742b91b474626baa2044d3b0057c18

SHA1
0672aab091f5084b7f63da757cc7221fffd1b68d

SHA256
a03e14405cb757be48df58edf39d972c9a33bcf3144b80fd373c35978a2fcdc2

SHA512
62a730fa7731d19336442f19d59e9da887b3e3b064a553d185b268d259f1e5f9b0be7c85b6ccf339d0b620e359c976449a18f1bcbb55fb58787d6f319a04a26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
fc82ffaa7351c45d5dc6e5802ce13f9e

SHA1
a39d9bedb314847c00f7a96ce0bf68e3c0d9c9f7

SHA256
3d53bceac85e362204dbb85ce33b5b234277328a2bc9f5052a2ef607a6767b44

SHA512
e3de546238af7edd459c48f73a43aba50fd100f393292820af946fa75cbfe81552b3ff2154018a033da39d7b595958fac0e5491b4a386b55bacf943d673f3d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
37c176966aa1faa391fbc3a141dc56b3

SHA1
b27204706e77d4942ccf8e71e259eb54a6f1230a

SHA256
1c3d7e648559ae35293409749435746da2f23f55582fa5c50a0a788d52172866

SHA512
28ba962531e1ce2f756ad93877b3f9a5d1faf9ffa6b7556ea038b52b0039a03696c75569faadc50225657ee527156fa5c0b87dab17bdd021a6f9b98172fad0ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1f308798705e181393f1d3c88c26c7b8

SHA1
72f0c39a12cefc6cb35be5632ab11873fc4b081b

SHA256
1c48e5c16a6fae051e5e049e4554706332eb706cf77f61f888dc741c127926fd

SHA512
3ed2b09577ae2a1e32efbcb64a115e59f6e8009e374348fb296709a8ac6683d0d56768bec4ee3bb9aecf2da86b66cd63ee70e1831d28a2d34af3a1410a6f3f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
852b64dacd75cf2c357792b640918e1e

SHA1
f7b96818ca138daa463094d715b5327defe01606

SHA256
3640f8d67f4867da85282d8a02792065df4f9fccc58721427c21307aa827193c

SHA512
2a1f389de55fca52d35fe352c50e29e761ec9f675f678a7939bef3ebcc63fd51b3dbc7c73a984040a9e5beb1a4ce882220d8283fbd08a99cec3d105fb1bbb00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
31af0326c3d71af699b1214f24854d7f

SHA1
d25fe360d83c36472af5ba17b176e6606f312a36

SHA256
e00a538ecdf98baee3c2b8988ebc1aaefa38575ef039d9490315706e2d07f889

SHA512
3342b9fb814ab10e6fcd9e9985ac65640772f849268dc69c400fa00504a46061cb424a352dd7c4a537ca7f10a11cddcc6ed0a0a250036fbc39a065d1c65fff98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c7e076f95f2a6123104cc9b1ecc28068

SHA1
28814af2b5baebc17c04d85bee2e546bf1a3bd43

SHA256
97a090046110145c576e6b51166cbd91ccc30b1207dd95479fa027211030ab8a

SHA512
ad35ed7ef3c20bf917c67bc0a856338a5b27200bd7f30de0eaa58d7e72787e039aad03f80bdf2a3cef08882b1aec30af0f96f9e6d9c802a85901833aeae502ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
fb4d964b463d874a4aebc8980eb1e17e

SHA1
3a50c3438bef9884671b5d2d25a45c4898c8cbc7

SHA256
bc6604b435014bf0dc1fdf12c1b5eb1e7178960fc84dafe5bb83048b7b9cbe45

SHA512
dbf5afb89214fbadd51d94251db790d6515ba5f6a781e3816a10a3f158d05795a91ca60a572ddba3fedb7857eedae3b90abb6ae48844fbdbcd50159144b3ecd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe595a7a.TMP

Filesize
392B

MD5
0ad42d5f6e268ded4ded004fb75b0851

SHA1
6cc6c3a16dcac7a76ce4accb35f595072235821d

SHA256
82c2a6bd09e28efc4349fde2e7229ae6cb9ee64dcdaefd6abcf015cf16bbc4e1

SHA512
e12f0dfededc719ec7b271a98f09e9a47b11229f845360b3b970e10aca1f238833e96f2b393739f687347a0e571d992adaa220cf8cf317509ac86c83c25c47c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.15.1\typosquatting_list.pb

Filesize
623KB

MD5
8f3d7269c9b667dcc8ccbe6ecc1e2b20

SHA1
b5f295eda0e21035335f246e0956c8f19a664154

SHA256
7e4eb19d32348c88a4aac0aa4e724d17364ead8c8089d0bb7bbf59dbf73a5b2a

SHA512
b998a887ea846f5f735e03c60a67e0dbc60b1d4a6c15594c72483fb2a245dbffc28223f4524a35fe045c9a657f1af3b8046ed6e581298bf3a27732261a0f02c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\8de97387-dafa-43e1-a208-16b1e4d37c08.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00008e

Filesize
36KB

MD5
21f4955f4e7a07d5cae4a46fc74ab263

SHA1
3e3e25ca71bb03ce2c9b2a495b346b9653568b1d

SHA256
0870954849b1ccc0e6a9754cfbd3ce33f791cde77156d1f84519713ac47c37c5

SHA512
ec857db1522f15d6b769dc775550eb0023e27c080de45f6c091bae25b8524ed17fba0ca84af38459bb1d772bf479327b031e5ef677d3eb7f65c703c03fc70b84

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_0000b6

Filesize
52KB

MD5
af1dd6b3574f3e28c23d60e9508a5557

SHA1
657b8061e4f38ebab5e1ac6abc4379d89d15c403

SHA256
c1265da9c87b7a17354e3af8366b52107da06d92f7c91bea2671578a8df1107b

SHA512
eb9b5a03a24e03f32831eda7a57cae7731f54fa5e55b274e1f1d39adf6ff58e4d4171fe38f312b798685e3f8ee0dece9a0daf1968cd1ae3586fc23727d3b637b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000100

Filesize
38KB

MD5
1f010c04c93d65ac5c52f0cd2e57434f

SHA1
5118a1b8e4c40667b328e5f2a4bd56214fcaba7c

SHA256
dd7c7f754ab3b964b2c23537b03321e46012c5aa5c53fbce8f4c49b944ed681f

SHA512
761cf46e2878323db44e035584ea60e51c79c7c5d37946795d183eed29db897473fb9506a7094e45d7479394068a8bdf4eb9d531e270422b4bc1e5fcc830cff1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
d8aa8a81801102b594ebc06bf7a26914

SHA1
fb1b97bd9953edd0bb072282073de547483b65de

SHA256
9d04f629d3dc25538bb00178e3affa6e0363de2d1ce395bd34caf2c6be0baae0

SHA512
2c43ab06d86889be0b7aa854b2bb3d2622d10d27614102a34e0a90ea7621e507d4adfa8e15eeeccdbc5ac66ec1d64d6a1f83cc6bd3c9e331fa959a0ce54a83fe

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d6f5591ddfa6613d3946f967b0883d3f

SHA1
bfe6426019085a57a920b75bd38f79db1dac952c

SHA256
7926667a9c9a7c2688dbe7e6bd6b57b77d199b2e6d3ba859b1a7e897d867e74c

SHA512
f484539fcb5ef9fd0c6131a01740a1eb8143807dcb52697891622182666f322bee1498e6e0e7dd7ddad6748a209d80e5188a66e49531f3228ac5517afb43c19e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
252dff7ae46ae76dcccbd9bd3477a95d

SHA1
bf58e76065e6fb0e391497bd702861a36857bb32

SHA256
3217098a2950fd616258a32e4b42ca0d138325161447a537cd9c5f94e6e9a9fb

SHA512
902e87be09b18ce391d1e956d09afc3bf6bf29e8968b11e0729cce093886008a2b7d1d8cf68577f6b53dd1b90709453aec1785b1bf630e050c1e7e31ed8f4d09

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5c5d250d63b711abcf6ac710606412b6

SHA1
b936175622b91b50d0d1299d1355440a4c7d6ada

SHA256
1092b4ffa387e390ea3092f630195ed5360beae05b41ca68a81343a79366d729

SHA512
12398be7b2a74ef41a31bf2ba9d5969da7a7a89ff18e0224f03138f9ebf2a637c3a745ddc66993d5c9676162da7941159101f4bf8d1b7232734aadc58a3e0dbd

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
4bd1b95c39cb45fb318ee83074001254

SHA1
264078a5a543cb1ef8d126c55d591669e4c1a424

SHA256
869bb0e7c1229da71191425f25bcea8fa08ab2661362f0381efbe27c9193bd7b

SHA512
af3892b680aed5d91be19c5a2cb3f0aeb54f7a6402c5924001ad021f292001db8ebb50c9696d0548a42e35f18b1316a6f7eba1cdd2f61966a0d95e39aa61a7c8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5ad1a9.TMP

Filesize
48B

MD5
7781ef6ae693200bb5aca6483a3b32b3

SHA1
af8932e7c6ea62513d9e3ddb76b4ac8f9481a134

SHA256
ec884a030c38d426eb28f4ea87103b4605de88ba4fd962c327075ce7613eb18e

SHA512
32273e9ee533695d88a0f2e38bbfdcf230adac2f395014a30a2177a97b5c027c2ac7fc21b31339fb1690ecf1f07685b093b4d1b9ef2df23d6914fb55bf866a0b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
710B

MD5
6c1c82836040920ed1df0a732c11c2f6

SHA1
3069e53aacf9c7a732268d5c48bfa0dabeb4b1f7

SHA256
f2e85221725d9909af3d027a2b0505e1ea8a944fb027ed3fc2c03742a11a10c4

SHA512
a3fc1e322888de636bca980bed2d717b1705461b16afaf908c7773cd7c70a4878451912fb178a8ca6ce4ca4e94d29408a26ee6a353fabbff463b4caef72b4180

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
3d49b69c741a58ccde2c8b3f898e2d6e

SHA1
45832e60994e780782e0690fb50395b8ae5a8137

SHA256
6ea4d0f6da329cce7924bce49aeb032d7dc08fb7eca2a7f5c9cc0de5602c7a9f

SHA512
7a9320e8449c475ec06548818c982d3d65227058d842292eb60b96d117a7b107b71dd8f6423cab38657803695ac4f3170c91d044ae88b287f3f95fa4fa6628f7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
822B

MD5
6d26b92c43f56a013ef727e49da996d6

SHA1
bcfd14c00a5c296241c814f13567109f5096bedc

SHA256
d860c1c416a34dafb6daf59d4d85c42ed10ecaba4860cf377b754eda5277f4fa

SHA512
f79012df6195309c2f15ced56f72bbb28446a53e980cda00994d09ef03f4866fe57fdfd1aaec1916db8445ef27332040d04355fa6416ddaf58699e4a26439122

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b8f1d.TMP

Filesize
529B

MD5
dd00d23dd198b03640696378b19b3287

SHA1
dd84b431b50810a783e7b6aaf6576346ccf2e755

SHA256
34003696d0f4208458f7f7a7c3a8bdcdf93acd4883013d5e16cd3289d7c5b2c4

SHA512
59a5f6091b8e3dc2c9a157d2604af01c48d7be68d99fa06febf5166ccc209bf5c2be90254ecca1988138e920e748a57a83b2ba8ab3dc8841c414c08a59fb90bb

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
686B

MD5
fc1ee2d13e7fd76cb242fba461fc4533

SHA1
28a2f09d7ac73fe1f5365aef6d3751c165ef2fb2

SHA256
6a6cc739d3d30b7f0f8a784e68da27c047c4ebdf7e68b677da285c16c5ca3950

SHA512
3e081399601b5cfd57a02f224add6734d4141288818a467695defa429e932a05ca8f626617a2885fccef9751ef6b7048ef3c1d509fc23ff3932ee0729dfe948a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
dc0d7368dad04272bf543257bb8691eb

SHA1
31c662f3764a3f80f398f30059d4fc8b9e2757c1

SHA256
80979fd803dba2535b1160510ecf80975a1f8fe5e13db01ec9559ad2a3d180d4

SHA512
2e0719313d8dd41763cc30be7e9f7674ba728a5c9e547c0008b06be3e5ab8a7fb040c408fce4e24fad07eaa04b4f94001c40d5fa51aba760d1ff2e3cb1a6a072

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
3595f3ac69d23eacdefab48b0db2fca6

SHA1
3da3f780a26b79de1868930183c0b9e120f9b1ed

SHA256
180d7d329cf69812d91db8044c264afd2cd419e743845b4d45c09c3d70428754

SHA512
b44ebe5d0f77a8cab7a29df712d58c2ffdb74dd23e97ae2045fdbb0dcf714a9d054f7a3e59d3d8ca701820d7bfe819aaf2e690cc0b19d7c2f47bc3a41690de6a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
cbec5fb1e72a3881747d745347c1b8e3

SHA1
599bfb4a25660e65dad3b938f812f7793ded847a

SHA256
19556e22bc636cda9119162b1f682801d74ec827666636c90e3aa3df1b0e8e7b

SHA512
6eb68205fea5115a36c69cdacba5534bf7e6a9cb3c346e498ac561fb46d721e889625ea35d21c85aa75db3285b34054d63c8912caf5118b501d518a940b59c3e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
05e9b2f07834b08bc0c8e57f076dea8a

SHA1
f89cf480cbf9fb20ab3d56cd4c36a63a15570abd

SHA256
9a22efec827e8302d5e0a350a0b6a604a9ef76a41894261585065e2b3bfb2e7e

SHA512
db0df71d9cc4538125532457d346436053f593b280d71fa41542e3bf368c4ee5e2ab95261730c65bfa69ce1fade62d35cd704070490c8516c16b6ea69384d5cf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
28c1f79521fd216fe08f77d1bca031e2

SHA1
56c79af273053b62229dcfd34e713428a6686795

SHA256
a9d3a1e3fa53772e2f128519a1e9113249b53fb7932f7351c970333c9e501a86

SHA512
2374567d0958d9daaaa15d880571053fae8219fbb358d2471dc962f7315efe014c9287e710d9dd6ab1053ddd8b70970010e86ac7b25e060f0b96ce840bb7f38b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
3b52e142f110e222fbf236d8cfeb077f

SHA1
84a8186b7c5ef6d058a53ac2c5b92af00767d427

SHA256
307dec04a2eddabffc18d3449dc01717a541da563aa713b630116571df9f360b

SHA512
d85dff48a95c2645fc33f18c93a88a2bc55495456e3ab83ceb53106da7c0c8247e75619f9e8e440d52c82274a12dd243f9ba512fdba856e01fc53a12849ebc4a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5ba2a5.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
3430c373f0b22272fe3cdef4ad772a01

SHA1
bcff89b0fedab7b81ceb0455b87dc16901a97c92

SHA256
bb5a4961cddeaa24fc83ff320f2d6ef6467abcedc16981069267ef9c7f3cd229

SHA512
ec83cb0fb999bf6075afcb72752186799ada72cffac8c7becf4c533288022d4039c18ef5a43bca92a51907848fe60359b4fee3c6b12a42695751beb11aca9290

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
ddda0d7af4f76b6a5045f3ee88925b74

SHA1
b9a0952036ef42c558c9cdf7e5861f9a72d8dbf0

SHA256
070425e4ebbba147d9c9db32fe7d52c0a9b23f643b37a99d522f665985a830a4

SHA512
367834076428cca9ef3a5b04ca9448dd24359cdeaf76f68255ff957adc13d80c1bed0e85e25de43c625223272792a64fa0707f5a22d40d614f9e5ed0b89b6da6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
90192caea8baf91366cb9363ca6050fb

SHA1
4ce9598b3f03b9661783119bf109f4e82b17cd07

SHA256
749a56ec2949fbb6397f9c88d31cbb108d001422e4d127f46291819288619092

SHA512
0864ca35148fe1751b2cc3fdc805610ba2af34fc191f2d644429b760f296deddbb1b10c3b87d1c2fddc5e2971312d0cd3091a312d3f3c205777f86391f0e0093

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
f4bf5aa429f4cde5773f24500a293dde

SHA1
5cc5953490d2214783d508f4f485f58ad786faf3

SHA256
20acb02ad627fcc262fcd60f3a00661c385031da1f6bf8a3e1dcf7a47be8d02b

SHA512
4fdfe8cd38c82682149daaf76c54221d0c11ff8eb43ca970270fc509f32e5f055320b053fd3afb0d299481118259502fb1966a3ae15f1cb4b15ed591ab4b6fc3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
384452e29c01a9f5147b95b7e29ad760

SHA1
0ef45fe03b5ac1f4e704ccec0fd4e6b5e866a3e0

SHA256
788b3845110440e14a023f564918e7cdb27c1f5d17a51a8f22e40068faf65cb4

SHA512
e74442fd697b8c86c5e9e39a70caa2a61bf738cbbcc3a794d6dd3c8f7deb41d6b9d3612ceb16969aa115c80f24908282ec1199837de6006202ee8cd465e695fa

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
f81040af3fcdea8b568f4e7d5be58d40

SHA1
928a83ce0d8d995413c906d311b4bf8991dbec82

SHA256
9a0d052d2390517661aba5f7609c86a520e0fdaa69d728939a4b9e1d733c5b7a

SHA512
1d268a5c0fb2c55cffb82bb81483ccbe977967b423d08059218af842b0f846698ba47fafcfd287f30c830234cec219821b8ce56fdff6eb1503ace9fc2af9f470

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
44d4dc31a4ce47c67c5d10625c7b3822

SHA1
3a67ccb9ec4f5026874c1d698ffbb6d7da140b84

SHA256
6fe83c720a032bc7e93665692cebc2c0f76914919a78e1eddfaffd51bec573bb

SHA512
f2d13d7445e45cb08e79a2ee964b9e19a9ec493725d5218cba0393d88179966f014d3b6c4f7de1d311861e0f6b514579e71999aa986e9522dd6ed4775d412b5f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
641ab1f842809efaad6744998ba8e137

SHA1
fab16d5bdf2545df6bb0be5e6e73c17615cbde9e

SHA256
2c117aa188848bf7a8d55b9f1e3d8b267ca20da5d87917cb70c9e63cdefae13e

SHA512
d83ff46abe9e6585e0db13756d085d0682b8c9192004bd5d756e98e158653415e555257de7910a453695ea8401bfc2c8b85ac7f29d9f26c30a3da733f0a0fa3f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
188B

MD5
320c154f9a2adef79ae1010ac5a526b8

SHA1
035809b9e27a84f964013fd7fcc7b159ee3f0f19

SHA256
ead040d6aea011cdbf99fe25b7c18a15173669e2223d3ab60aaf04cd2afb6017

SHA512
65fe75c70c2c3df13269a06167bc7167ae88db8cb4e26810a3fab68c6d84d746a81ddcc7546550f3e5a7ab3d40fa9d8986b0259e4ef7e12f0d2604dce12da8e5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
524B

MD5
0ae448a30b91664c7c57ab7c5cafdeab

SHA1
b89880c740cad02c6f9ac78fed881d3e429b395a

SHA256
8c5c646f1c4971cb65db837ed0921cb700ea7213b12134021de788abce568148

SHA512
0b4ab2be4565a716aaa4075d1a45d32c1242d5e97610e61ea95ca8a6ef7f7bb6d1d0714c88b786b53e1c322305ff3bcc0dcc2aad007e3648508504c684fe7d82

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5b2cba.TMP

Filesize
188B

MD5
a688dd3cc35e3633a8585873fd88debf

SHA1
22552bae5c6e59ad3a460b036bb211a0ea609ac4

SHA256
e6ef32bcfc506fe185618621e2abb3915cb747cd9440c2af581c92ebe7ad8e48

SHA512
380202fcc38baba657118c4a85df251b6c03ca0820cde6c225556386b232f7e26b47c4eed12ee629db1048f9f3281011c70854cbfa936f4ada8c18d70a5456c8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
2KB

MD5
602c49f9246967bdcff45b4f43cf2fb0

SHA1
4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d

SHA256
a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114

SHA512
2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5b2c8b.TMP

Filesize
2KB

MD5
68b20851ccb9834d21fb32615e42bd43

SHA1
88fab935f0b9484994097c08f785e9ecb7d68127

SHA256
a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f

SHA512
dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

Download Submit
C:\Users\Admin\AppData\Local\Steam\local.vdf

Filesize
1KB

MD5
7b5d6e47ad42804aed920e93ba6988c8

SHA1
834dcf28a9fbdf80e6196ad1a7f6bb4d950afad8

SHA256
50769c3c1c421dc9d08e9e6ff6a355653c5f9cb168c94e5134077b51e11384b3

SHA512
a0a617581bb51609baa35699e1a6048730da3d21dfc78a7d33631d42ffc5f433fed66441d2ea8ad8dc4a89d9b6dc29ba84a328869d77c44e5d9cd6000fe50bca

Download Submit
C:\Users\Admin\AppData\Local\Steam\local.vdf

Filesize
117B

MD5
350f2e5394aee9de9db65a10b4fe74d9

SHA1
b3a3ae0474a2176eba8973e23e4174848bfa9ccc

SHA256
722b397d0dc0ad71d2237184018ab6a17b1404011f23e1909d421f75e1a23523

SHA512
c4f0639393c3cf006078832ccc946849bcea1399ba61ee7b56c9497f6c31c46a172691ee60251a037474b43fa7df18579170b4cec602ae6a6d71583636b18b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC00C.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC00C.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC00C.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC00C.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseC00C.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\AppData\Local\Temp\x

Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\x

Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\z.zip

Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
dfe5fb98c30d34bc6e7618ec22cce170

SHA1
1b4911e9ae348af103a905d40089c9ab6417a88b

SHA256
e6159c1de2eb1dd955b12d1bc5cb4ed73880b88e5c29e1a17ac32f2afa115733

SHA512
c407f2b9b88ae3a7994889b36a7ed0e0416c89210e0863a2a532bb49b3ca80290b0d533b164c13416f84d67c9078346da6b734ae74748728dbbb89c2e57ff5f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
a5719f5cda91b781d412300528a2c4e9

SHA1
acdf66a54c13a4a3e332955c405db60bccb6a8be

SHA256
dc3d8e7e19933d3c6e6bcedc23f93f701cc6e736dd8c9325ea6a9abf3c5143f9

SHA512
92b1729a0ffcd1249135c4a32677a86a2b63c91e165d5e373887690e63cf919d768be9baf36f72e9bac0f393e11ca3f1fac6aa797a2b5f2e6e9e697f561e978b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
11790b51b025a630e5223fcff092960c

SHA1
ef064ba785c72019345eca264b2cb765fa02f4a5

SHA256
520126bc4ab97d958cad010bc81dde2971c2effea375fda4aebf234c5af923a8

SHA512
c6bd5cf6aadf758f8393049737851f180fc3abaa51e99f8c4d0b6a4cd1fee9d57b9bd30e14a73d60b6d62e31c86c3dcfe3c826e22ed2d977699141138ae7df6a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
7c6ceb3547efdd0f05fc77094e415aa5

SHA1
14b70839e19e9fec533f29b0352787687c5929cc

SHA256
c50096fb63095aa27594af7e417fb0bb00223e181b0cccf43e80bef19ef93dd7

SHA512
4e00cc708ac8d90ef1c9cdfb7cf77efcb8f52a9313c5c44e5b6cb90e2acd2790b1f97560e646c788169163d0d85b6bdf5d0f94b4cb8c7c18c9ddf52328a54861

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
11KB

MD5
dbc73eee33b8e1878af784fa935e3a3d

SHA1
8cae1881b20c248c585e78fbd7ed2f39ad4a693c

SHA256
d8ec21824513730b728bafe1e1d63e50bdd2c0b2d47547b247db4f2d67485389

SHA512
d15c676e7ef8f00e02de55b55152cb61a33cb55b898596bd367357f69d9e0484818d4a840a3fc8d5daba2dcba47029ca55fde7a2a7be699469bdf78c57a2db4a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

Filesize
6KB

MD5
56cfbf40a062a532b637d8932a6280b4

SHA1
4636e4feb0f160883b04cd15c7d30834486a00e0

SHA256
fa2670131cd1fdbb1fbca5e53307a6408dbbb3b74875b6fb4adc84f0b3c52836

SHA512
7fa9250311b86d50065ed8272c94d93571c30dfaef6822f6aed9b6cca420a7d026fe0147d315e953d3be1f548dbd1b6c1790d7ba79103128616a7c152676bd87

Download Submit
C:\Users\Admin\Desktop\Poppy Playtime.url

Filesize
223B

MD5
846c20590b1182c583602c5c34c78bff

SHA1
a6d06688fda2782ed81d957e35787c640e068421

SHA256
c200fe66e419d31f832155ed47b1c6b0e4d389962b4906769a7d394464b1a0d7

SHA512
3f6132ad07be9298a75bb1ef41055e334816fd3f14b8190edcfa082379588100fc01d01a90b7b06553f8b764a5835d697afc7522db653f3c7d895ce5439f6394

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

Filesize
147B

MD5
96cc35f9c335e5d36087e266e777167b

SHA1
287b2312525e0e481580796145dd09c36470de94

SHA256
51aaa7f351f7c389bb989a1ad21ff64ba36c34e70a6e0e94040b6b05de30c4f2

SHA512
df4834206f7e5f834b80997c95bef560745e2113dfb8b8477324d55ba1986ba774c325a09e2fb811d91960ca157a0bd284645ee638789ee7bb0442832ed0a2e4

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10764_1720004853\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping10764_1720004853\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping240_1047010774\deny_domains.list

Filesize
12B

MD5
085a334bdb7c8e27b7d925a596bfc19a

SHA1
1e4ad53dc335af5c6a8da2e4b4a175f37fafe2f2

SHA256
f51a7acfffec56d6751561966d947d3fd199b74528c07dabdcf5fcb33d5b2e85

SHA512
c883cb43c97a136825c6fd143f539210c234c66f9b76dfd8431f6ff014094e20b9410d7462aadee2344df8ca158def6b9a807e7cadbdfa947f6f8592e7283e34

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping240_1047010774\deny_etld1_domains.list

Filesize
6KB

MD5
93c7fc76f7223d043593c999de1c0bea

SHA1
dd7c906c629466fe53a29d3945e31801065b5b1a

SHA256
0db8861eb771d2662ecabd8c7125c5453d6f3d976c14401ecb252e1f85b018d6

SHA512
55c752b20ebf883adaf0bf696fbe7c3f94b06d5bff907b39e9f43358ee7a58336024145b77ba315393609853c54a701ec25592ffc32b9ed3e2ce4857a4186c8e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping240_1047010774\deny_full_domains.list

Filesize
9KB

MD5
a3b6c4249c181157cf292b749209fb49

SHA1
f3704c2d69b8f1c7738104f2d9fadf5ae644702b

SHA256
2edfd6823e18cb7a1e9e6abf571ef33c5be863cb5ea891ffa3df9a06fd0bfe98

SHA512
113df193b92ac3312b4e983434d0fb61fde5f3675ea00687ab6f9c53f17635bc5dba2970a5af6dc176618d962f982ab514b82d9ffbf894e315a31797887d35f0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping240_1047010774\manifest.fingerprint

Filesize
66B

MD5
a287310073c3b178dc97cb38269847da

SHA1
ab283f53827794fffcfbf8603d33a3d9f6a5bbf2

SHA256
3af99da8ebc689d4324a15e3f059e379c9be7e523b5b26efb9261cb507a6f6d3

SHA512
bdd9f96341fc74032c9ae8677e6a06badae1ab60f4ae48ced84853a0a57a16e16c68d636bb821f10fbd06779462ed3fca5d4eb903e5235f519dfdd46b1d7e95c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping240_489321008\_metadata\verified_contents.json

Filesize
1KB

MD5
68e6b5733e04ab7bf19699a84d8abbc2

SHA1
1c11f06ca1ad3ed8116d356ab9164fd1d52b5cf0

SHA256
f095f969d6711f53f97747371c83d5d634eaef21c54cb1a6a1cc5b816d633709

SHA512
9dc5d824a55c969820d5d1fbb0ca7773361f044ae0c255e7c48d994e16ce169fceac3de180a3a544ebef32337ea535683115584d592370e5fe7d85c68b86c891

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping240_489321008\manifest.fingerprint

Filesize
66B

MD5
8294c363a7eb84b4fc2faa7f8608d584

SHA1
00df15e2d5167f81c86bca8930d749ebe2716f55

SHA256
c6602cb5c85369350d8351675f006fc58aea20b8abf922a2c64700070daaa694

SHA512
22ed0211822f6f60fe46184fb6e5e7fcb2b3a9d2e19f25fb6e84e1ca3a5d645183959309549cdb07c999b345cfdd9a1351f3474e03fb8d451b0f093d44844d7c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping240_489321008\sets.json

Filesize
9KB

MD5
eea4913a6625beb838b3e4e79999b627

SHA1
1b4966850f1b117041407413b70bfa925fd83703

SHA256
20ef4de871ece3c5f14867c4ae8465999c7a2cc1633525e752320e61f78a373c

SHA512
31b1429a5facd6787f6bb45216a4ab1c724c79438c18ebfa8c19ced83149c17783fd492a03197110a75aaf38486a9f58828ca30b58d41e0fe89dfe8bdfc8a004

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_208796449\manifest.json

Filesize
116B

MD5
d20acf8558cf23f01769cf4aa61237e0

SHA1
c4b21384309b0ff177d9cd3aa4198ab327eb2993

SHA256
3493b321a7fc5e183ed6f223ae55ce962541717d0b332d16bdc7cbcadf7e6f78

SHA512
73d082cbd71f6d0f06c7afc1bf63ee41c9a8e501df3e56f21a551b2d369a0afc8306894c8e0a38d0324e2ac403ec506ac1ecd8e9b61a9cb27134a229ccb13725

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_2143289162\manifest.json

Filesize
122B

MD5
0d77c27baa669b0714c49b73e68447ea

SHA1
65103c9707e083c5503ad9979560ba1bb7634ae4

SHA256
c853d6a286d9d31a382c6d3fb109d5336d275651950f22b8243289eb6125b516

SHA512
1f011c405ec558229a1f5e2923b38b7054144c66d4c69d658c9c2c371f6cc365317485c274cafcab80bcb88f989b0be4c43c763933de3f86362a79ec1e962ff3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3368_324156883\manifest.json

Filesize
145B

MD5
6d9ce9f996b9f9fe10bf9546dd82f952

SHA1
0bcf62c147fab9f8eeaf575902c2b6e77053b88d

SHA256
c94951578b17215081e5ca755033993f5d50fc812b8d5e8cd4bf6a6c68b36a55

SHA512
ae6ba65587b6b8b087c57a2f0fcbb529764891eb9e4d3b419194501020256872878af14484a1909cf2293a3fa80c0e74db13dbb3a6b5289c62df3f69a4c7e3b3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_1410478828\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_1410478828\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_1626617456\manifest.json

Filesize
118B

MD5
c54fe40731b48d54a8bf4a75c9bbd00b

SHA1
c0a51f93ab33f434c5deff9afe002500928b3cf5

SHA256
bc698bc55ab41dbead04a286706669fced31a351957cb51ae8a21c482b752909

SHA512
372171276869335a8a4dc5de8ca85e6b9cd8294b1c25eba423799fdd9478e98adf11dd9283b2c7718e968ec7d48df383b1d65c3ece1418fc3f3cf9dc271e803f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_24425695\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4092_338336546\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/5532-14054-0x00000000003B0000-0x0000000000862000-memory.dmp

Filesize
4.7MB

Download
memory/10676-14611-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14505-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-15456-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14432-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14465-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14364-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14316-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-15399-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14267-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14405-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14680-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14229-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14590-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/10676-14558-0x000000006D8C0000-0x000000006EC82000-memory.dmp

Filesize
19.8MB

Download
memory/12152-14236-0x00000169D9C90000-0x00000169D9D33000-memory.dmp

Filesize
652KB

Download
memory/12152-14116-0x00007FF867570000-0x00007FF867571000-memory.dmp

Filesize
4KB

Download
memory/12152-14115-0x00007FF867F10000-0x00007FF867F11000-memory.dmp

Filesize
4KB

Download
memory/12260-14712-0x000001B6AFAB0000-0x000001B6AFB53000-memory.dmp

Filesize
652KB

Download
memory/12260-14545-0x000001B6AFAB0000-0x000001B6AFB53000-memory.dmp

Filesize
652KB

Download
memory/12260-14237-0x000001B6AFAB0000-0x000001B6AFB53000-memory.dmp

Filesize
652KB

Download
memory/12260-14409-0x000001B6AFAB0000-0x000001B6AFB53000-memory.dmp

Filesize
652KB

Download
memory/12260-14476-0x000001B6AFAB0000-0x000001B6AFB53000-memory.dmp

Filesize
652KB

Download
memory/12260-15401-0x000001B6AFAB0000-0x000001B6AFB53000-memory.dmp

Filesize
652KB

Download
memory/13088-14541-0x000001F558270000-0x000001F558313000-memory.dmp

Filesize
652KB

Download
memory/17196-14694-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/17196-14702-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/17196-14701-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/17196-14700-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/17196-14696-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/17196-14695-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/17196-14703-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/17196-14704-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/17196-14705-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/17196-14706-0x000001E1732A0000-0x000001E1732A1000-memory.dmp

Filesize
4KB

Download
memory/18484-15046-0x0000021C09520000-0x0000021C095C3000-memory.dmp

Filesize
652KB

Download