Malware Analysis Report

2025-08-05 09:27

Sample ID 240223-qep5asgc81
Target https://yandex.com
Tags
discovery persistence upx
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file https://yandex.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence upx

Executes dropped EXE

UPX packed file

Loads dropped DLL

Checks computer location settings

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in Program Files directory

Enumerates physical storage devices

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-02-23 13:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 13:10

Reported

2024-02-23 13:17

Platform

win10v2004-20240221-en

Max time kernel

344s

Max time network

351s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe N/A
N/A N/A C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\game.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A
N/A yandex.com N/A N/A

Drops file in Program Files directory

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\ C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Modifies registry class

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 740432.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1816 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1816 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1816 wrote to memory of 4020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1816 wrote to memory of 4896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdff0046f8,0x7ffdff004708,0x7ffdff004718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7792 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=tr_TR" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=1012" "-buildid=1705108172" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1705108172 --initial-client-data=0x370,0x374,0x378,0x34c,0x37c,0x7ffdf08df070,0x7ffdf08df080,0x7ffdf08df090

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1648,17139525911620140417,545396578096693998,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1656 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,17139525911620140417,545396578096693998,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2172 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3c8 0x4ec

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,17139525911620140417,545396578096693998,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2500 /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8024 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Red Alert 2.rar"

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Users\Admin\Desktop\sa\Setup.exe

"C:\Users\Admin\Desktop\sa\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp" /SL5="$9020A,2171548,227840,C:\Users\Admin\Desktop\sa\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-lolz_x64.exe

"C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-lolz_x64.exe" d - - -idx=00

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-srep_x64.exe

"C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-srep_x64.exe" d - - -idx=00

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dodi-repacks.site/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdff0046f8,0x7ffdff004708,0x7ffdff004718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\CnCRA2 - Launcher.exe

"C:\Program Files (x86)\DODI-Repacks\Red Alert 2\CnCRA2 - Launcher.exe"

C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe

"C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe" "SFXSOURCE:C:\Program Files (x86)\DODI-Repacks\Red Alert 2\CnCRA2 - Launcher.exe"

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\game.exe

"C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\game.exe" -speedcontrol

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1816_PSWJRQZSJMAAXFLE

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\Downloads\Unconfirmed 740432.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5790d6.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\SteamSetup.exe

C:\Users\Admin\Downloads\SteamSetup.exe

C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\nsProcess.dll

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\nsExec.dll

C:\Program Files (x86)\Steam\bin\SteamService.exe

C:\Program Files (x86)\Steam\bin\steamservice.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\modern-wizard.bmp

C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\data_0

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\data_2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\data_3

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\data_1

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe596f2b.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Autorun1.jpg

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Dark.png

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Install.png

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Uninstall.png

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Exit.png

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Tile1_Icon1.png

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Tile1_Background.jpg

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Lockscreen.jpg

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\logo.png

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Lockscreen_overlay.png

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Setup1.jpg

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\botva2.dll

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-srep.dll

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Binaries\XNA\Localization.dll

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\gamemd.exe.manifest

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Allied Theme\scoreviewerpanelbg.png

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\50percenttransparent.png

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\missionselectorbg.png

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\racbl.png

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\racbr.png

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\sbBackground.png

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Uninstall\unins000.exe

C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Light.png

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Temp\launch_temp_0\Launcher\Icons\Icon.ico

C:\Users\Admin\AppData\Local\Temp\launch_temp_0\Launcher\Images\CnCRA2_R2PLauncher_ENG.jpg

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\ra2md.ini

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\ra2.ini

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\ddraw.ini

C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\R2PVersion.ini

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
