Analysis Overview
Threat Level: Shows suspicious behavior
The file https://yandex.com was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
UPX packed file
Loads dropped DLL
Checks computer location settings
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in Program Files directory
Enumerates physical storage devices
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported: 2024-02-23 13:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-23 13:10
Reported: 2024-02-23 13:17
Platform: win10v2004-20240221-en
Max time kernel: 344s
Max time network: 351s
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | yandex.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_button_x_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_up.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\sv.pak_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Allied Theme\ractr.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\driver_dialog.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\XMP27MW.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\Battle\8_yellow_snow_gardens.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\twitterActive.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_lstick_click_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\layout\gameproperties_general.layout_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\4_copacabana.map | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\2_tubac.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steamclean_danish.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_r1_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_up_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Qt\libfreetype-6.dll | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Soviet Theme\GameInProgressWindow.ini | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\2_sahara_le_v301.map | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\Mod Maps\Oil Island\8_oilisland.map | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Allied Theme\160pxtab_c.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Taunts\Taufr08.wav | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Taunts\Tauir02.wav | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\bump_paper_n.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\icon_steam.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_button_x_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Soviet Theme\GenericWindow.ini | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\amazdelt.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_spanish-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_swipe.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\Battle\8_tour_of_egypt_4v4.map | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\Transylv.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_right_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l2_soft_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\UseOfflineModeChosen.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\ucrtbase.dll_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\CnCNetLobby.ini | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\Standard\mockcrocs.map | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Taunts\Taubr02.wav | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\btnDisRight.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_click_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_touch.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_rb_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7\locales\fi.pak_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_mouse_l_click_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l4_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\ssa\eula_japanese_bigpicture.html_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\XValleymw.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\bins_codecs_win32.zip.vz.ab7eb555083e4e6b5db0dd387cbbadf1ab1787fb_3301611 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_left_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_outlined_button_circle.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\c1a03md.ini | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\2_the_path_more_traveled_by_le_precap.png | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Taunts\Taucu07.wav | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_spanish.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_up_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_x.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_down_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_r4_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\overlay_spanish.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Maps\Yuri's Revenge\xdisaster.map | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Taunts\Tauir03.wav | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_up_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_click_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\ | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\ | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-910440534-423636034-2318342392-1000\{9DE85796-D939-4558-B38B-C78A0D784F92} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 740432.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\sa\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-lolz_x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-srep_x64.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\DODI-Repacks\Red Alert 2\CnCRA2 - Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdff0046f8,0x7ffdff004708,0x7ffdff004718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7792 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=tr_TR" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=1012" "-buildid=1705108172" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1705108172 --initial-client-data=0x370,0x374,0x378,0x34c,0x37c,0x7ffdf08df070,0x7ffdf08df080,0x7ffdf08df090
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1648,17139525911620140417,545396578096693998,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1656 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,17139525911620140417,545396578096693998,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1705108172 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2172 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8 0x4ec
C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,17139525911620140417,545396578096693998,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1705108172 --steamid=0 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2500 /prefetch:1
C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8024 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Red Alert 2.rar"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Users\Admin\Desktop\sa\Setup.exe
"C:\Users\Admin\Desktop\sa\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-RLI3R.tmp\Setup.tmp" /SL5="$9020A,2171548,227840,C:\Users\Admin\Desktop\sa\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-lolz_x64.exe
"C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-lolz_x64.exe" d - - -idx=00
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-srep_x64.exe
"C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-srep_x64.exe" d - - -idx=00
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dodi-repacks.site/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdff0046f8,0x7ffdff004708,0x7ffdff004718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6152258663967955660,8181335705375372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\CnCRA2 - Launcher.exe
"C:\Program Files (x86)\DODI-Repacks\Red Alert 2\CnCRA2 - Launcher.exe"
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe
"C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe" "SFXSOURCE:C:\Program Files (x86)\DODI-Repacks\Red Alert 2\CnCRA2 - Launcher.exe"
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\game.exe
"C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\game.exe" -speedcontrol
Network
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| GB | 172.217.169.78:443 | drive.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dodi-repacks.site | udp |
| US | 172.67.166.133:80 | www.dodi-repacks.site | tcp |
| US | 172.67.166.133:80 | www.dodi-repacks.site | tcp |
| US | 172.67.166.133:443 | www.dodi-repacks.site | tcp |
| US | 8.8.8.8:53 | 133.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 184.3.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 172.217.169.78:443 | drive.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 854f73d7b3f85bf181d2f2002afd17db |
| SHA1 | 53e5e04c78d1b81b5e6c400ce226e6be25e0dea8 |
| SHA256 | 54c176976e1c56f13af90be9b8b678f17f36a943210a30274be6a777cf9a8dc4 |
| SHA512 | de14899cfaad4c312804a7fe4dcb3e9221f430088cb8bf5a9b941ac392a0bbad4e6ca974e258e34617bbffff3bf6490fa90d8c6921616f44186e267ddaa02971 |
\??\pipe\LOCAL\crashpad_1816_PSWJRQZSJMAAXFLE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a65ab4f620efd5ba6c5e3cba8713e711 |
| SHA1 | f79ff4397a980106300bb447ab9cd764af47db08 |
| SHA256 | 3964e81a3b4b582e570836837b90a0539e820886a35281b416e428e9bf25fd76 |
| SHA512 | 90330661b0f38ca44d6bd13a7ea2ab08a4065ec4801695e5e7e0dea154b13ac8d9b2737e36ebe9a314d2501b5ef498d03c5617c87e36986e294c701182db41b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fd1583d0b524b532c78cd0df7f8bc77e |
| SHA1 | 4fc7be6c5b0214e0c0ac37657669e5f6ac4482c3 |
| SHA256 | 2a1b4f2f3fa50596a8784352c053f566530131757604a83c265f65d8d911adfd |
| SHA512 | ba82c08d57afb1df9015ec511a6ff097c48265172671fee5b9381d0f5b666f5f45a0b150a78d25a8c11c622e042e9ed63e4f0b33eabb88dcf58040ee88130dc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | de037b703475b0856d8d000c9ab7bb24 |
| SHA1 | 39b4f4c0832687b6f825c873af93761b17ad460f |
| SHA256 | 9bd2c7094e3bd42cf5b2a10b28797ebf60199cfe7baf4c4c461ffd6cac084026 |
| SHA512 | a58b29d50533831e9a4e339dd08abaf9ad22a0b416e223be3a1e563022eea520b60797cf61e0b8e56b4aedf053fd766910fac3279e4bb6730310ef59943d5bff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c533ff37dc34bf2e231f32f6e4d8312 |
| SHA1 | 3515d91a69224486cb2da27b011308352481b07c |
| SHA256 | aed0e67e3e23a7a102990d1e5af0023351909d2969fe46c1c435590ccd8bd177 |
| SHA512 | 3def375aa44d8fd417ad7a0985572dd9949bce2b56d6bc089124ceae049fc7b014ce61b203c618cf5c782d42bb05972c7c67fb9d783eb43aadc8fe9cdfcb1e49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\Unconfirmed 740432.crdownload
| MD5 | 5b9285776cd12fbbdc48a1d691bd3315 |
| SHA1 | 0af4a8792c9531a04c66372841c14073bbeda44b |
| SHA256 | 73afdd98ff38ab914fa927d62dd546f208954df4c2b9782e263ad2483a01bdcd |
| SHA512 | bdbdfa2ee57bcdb62230d52b22d95e31a79339c71b3e73b225c24a346ad3cb2221b7b1e8da25557d5a778c53a50c0610646b01511d0edbbb2c21b14dec99dc73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | df5029e92ca41e3bb3d719b4e3680650 |
| SHA1 | 95e3a8e2aedd566c25a17b3e1bd9a68c67a0c1aa |
| SHA256 | f3e498a56f66177b30d763834ceae5daa602ea39ee171630d056def1e2fcfa58 |
| SHA512 | 84bab772924261a00f62c8171f4c7ef81792a08d61919c9c83f2ab0139803606179c8db3cef8eee53017ad39ee4adfdf84aea18864717c4a250ded128f1dd8b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5790d6.TMP
| MD5 | 73e9ad38a7584e607bd784e44f52a99f |
| SHA1 | e1e9923a8362c6e273757cb0870a7b6d3c37018f |
| SHA256 | 4e40f2520834b4a227da6ea3c16f80a162017bc6313ff107eb736a974cb09b11 |
| SHA512 | b724691611d82248a60ce0e43c0eb69ed24aedb7fa44940342dcb802d43d12513b1af1025bde0fc74e778bd23fa65c7fb94530ecaa24d3b23d37f25fdec855eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ad1a15645b577ed47d4ce5ef4d4b9a24 |
| SHA1 | cbba425e1215482ffc919aee8749c6c99af03921 |
| SHA256 | e714e0101676163c58af24c3e3dbd647848999b06be07a3754561f5be7f664e7 |
| SHA512 | 7183b9a5c3c0809aa959a57ff849ffd639ef58584305f1007a7f048df142c3e38535b4a6619b2bafd563124fe5921285b0c58d4f026e723e4de6fe58c1229b97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bb2cef8384f49d7444b4479fee91f880 |
| SHA1 | 2d50749684d9fb7d3ad409694193f64df49da3fb |
| SHA256 | 8d23485c05b098f57e148ff0ea6801be719d2e8eed4603de6652c7301a13596e |
| SHA512 | c2ac96d3fc5cc84b890c5d588b88f61460e718df25b714d735f91f06d343fa7a76633f258b504006a8ed1ea81eb743f8d9f9d20c713545fb29c774db27a7052a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a363f7403aef0c2cdbb8a1009ebbc67e |
| SHA1 | 6a2e2800091ad46f8af3df433d85752db66663cb |
| SHA256 | 5729317b14e1ee2f456f0c36f5679f219994e5b6df0f6a8a342623e46d0e2728 |
| SHA512 | 53af30a8397848e08c9b3fa3ea2da68a02cf3b4983c40cbd126c438ad0d10848af9d2fb34de72434906452d58f3797149d44f9069e9ee904d4bfa98b087c0237 |
C:\Users\Admin\Downloads\SteamSetup.exe
| MD5 | 2d42e4b028c911abf2aa7fd8f5a0a8ef |
| SHA1 | ec48a05e67880a13f5714e39b222aefeaeb3047a |
| SHA256 | 38ac40ada4e9627eed41e5299203be16ebc30627af2d42985f029fe6c813926b |
| SHA512 | b0d83bdf10e747aa0cb4be55e55c8c7a2d27f10e38841fd10c0846a94d31b338a3886afbc61fe81315472ecc3ff0c4ae43a511c7e081e898e53b35933cf3dacb |
C:\Users\Admin\Downloads\SteamSetup.exe
| MD5 | c080db324792034eafe5ea28c28b511d |
| SHA1 | 9dbf8ed9d6b240a4e8b75d9b1e0543b413d1510d |
| SHA256 | 7c389e4d4406d091d5b3266caf8bb8d3122afd373929bcee733efd272382eced |
| SHA512 | 32cf12c6670d39a4f3ceb8b4f75f59f2edb46b32656ba96d6c775b0cb698191aeaed9cba8ff237a8f2e5e01eb08bcd05c8e011fe238dd4e515531fc9fd92841c |
C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\System.dll
| MD5 | a4dd044bcd94e9b3370ccf095b31f896 |
| SHA1 | 17c78201323ab2095bc53184aa8267c9187d5173 |
| SHA256 | 2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc |
| SHA512 | 87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a |
C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\nsDialogs.dll
| MD5 | 0d45588070cf728359055f776af16ec4 |
| SHA1 | c4375ceb2883dee74632e81addbfa4e8b0c6d84a |
| SHA256 | 067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a |
| SHA512 | 751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415 |
C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Program Files (x86)\Steam\Steam.exe
| MD5 | 9cbf7c737de5ba37f2fd8a3662baf107 |
| SHA1 | 0c1bbb813c0dff4f67385ee419608a6f0ff75896 |
| SHA256 | dd95a7cf8274fdb2c42f0db7da02ddda317ff159a76bd6c167c8116324e94c13 |
| SHA512 | c85d4b4dc68675cf34696a1cde50111fe0a13a577558dd340ccab573791d0f220e65e0b5f9d8645765554855b2897505598e222848e7cc44f254e904fd0e0fa1 |
C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\nsExec.dll
| MD5 | c5b9fe538654a5a259cf64c2455c5426 |
| SHA1 | db45505fa041af025de53a0580758f3694b9444a |
| SHA256 | 7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7 |
| SHA512 | f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa |
C:\Program Files (x86)\Steam\bin\SteamService.exe
| MD5 | da396dcf984ab0b66bb77d8041c0d095 |
| SHA1 | b9b76927ef13e5640ed0fbdcad75beca37251ace |
| SHA256 | 3b1b6400c0185a83378aae68860d365a9580f6f72d3a7e19c2950c63b19ff498 |
| SHA512 | 16c101656776a420a2501b6d00641c71505eb53b7fe077ba0eedbaece78ef33d470c24cf9b918a3591f4981e53c598c8575244ea8bf67b4638bd8ed180d3c40f |
C:\Program Files (x86)\Steam\bin\steamservice.exe
| MD5 | 2de3f7cf6020b3bb6bc4199459a63016 |
| SHA1 | 8a30e5e333a353eb069ab961a4c1918fcbb44623 |
| SHA256 | f649f4a1d41cd442d5e3f079b1677442a2123eb494bda58ef866870b25915d7e |
| SHA512 | 5d1e016c731dd1bfaaf24fde9da4f453f71773a71db956290809eb82064fa0307874cd412be6ad98c4fdbb36e94cd8ae7aa27341aaa1f9f3f9e696afe0cca56e |
C:\Program Files (x86)\Steam\steam.exe
| MD5 | b4411620a3551834e4f699cc5a9b27e6 |
| SHA1 | 5093960cc86613e310d13770b5adef00fe93f3eb |
| SHA256 | 3caf4a246169b2d30c6bf18fa0b7a4a01bbe933cfb781f3da4c6b3cb67b59d04 |
| SHA512 | 47dde07212c2d5eea548d7794fc6bb9d86ced9a0848aaeab81fa8844fc5cab7eac58e386e96a81c663b914c85c0a7116033e2b2cfd18559d40aa6c83f9a6c024 |
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt
| MD5 | 8ebd46495dd3b4ab05431c5c771d5657 |
| SHA1 | e426214322a729faddb5bc80053af5750c76683b |
| SHA256 | 70c39d5d5b16640165de19cee80da4a391035108cbc5f5009372a86954f0fe92 |
| SHA512 | 53afd923f583eda4db580935a8cdd62413af8e830c04f2c12d15c55e905c114ec11a5e4483660601504c27e9350e9e47c6432f8f699464e11c5050fe846d7dc4 |
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt
| MD5 | f8a86b74ce3b446e3111d1480b5feaf7 |
| SHA1 | af21c55fd6ac99e65db55af9b8f4ffe790c4382c |
| SHA256 | 8a049b6126e904dcb9ba5d8af21cc0ab25ca55221cf2cd48eea45504fe23083b |
| SHA512 | 70f8009f5940b10b77a6c152c8c73f3dd425fb9ac917014504e8116ef00032888de686271e0262cbe7a55c6e605e837dcfbeb54ece71e49646b1030195fa0845 |
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt
| MD5 | cadd7a2f359b22580bdd6281ea23744d |
| SHA1 | e82e790a7561d0908aee8e3b1af97823e147f88b |
| SHA256 | 3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99 |
| SHA512 | 53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519 |
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt
| MD5 | 29f9a5ab4adfae371bf980b82de2cb57 |
| SHA1 | 6f7ef52a09b99868dd7230f513630ffe473eddf8 |
| SHA256 | 711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f |
| SHA512 | 543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a |
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt
| MD5 | 1a537a1d30fba1d3db449a9207b63835 |
| SHA1 | ab6903b4c8d6bd3571960b1218714b8d76b1880d |
| SHA256 | 49b6b664d50a1ae0c732bcfbbdd1db1812ddccf00bcf5f40200f0e7cff5542ee |
| SHA512 | 1215b0d017a6e3ea207edafe8edd500a91a7a971b2f989d8006fa65e475ae32ec00df3e8ec06b4077f64f5b789c536bfb9d8b9945ca0e0731d68e48876bd8459 |
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt
| MD5 | 5c7bc92e0d948e3bba3f26f64a22fe7e |
| SHA1 | bd259397a312bee9b8262058c30e0e354eeea93a |
| SHA256 | 5e6b0978fe8e2d14905f46e089b06681d6dfe76dd0c1551c168171ac4de75969 |
| SHA512 | 8a6e18ce3d38a9658172b1871255a9941c572114137e468f130956c73ff13f282a46074a1dda6404dbdbf317ecdaadf01324194b8f8c081f862037784f4946ba |
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt
| MD5 | b2248784049e1af0c690be2af13a4ef3 |
| SHA1 | aec7461fa46b7f6d00ff308aa9d19c39b934c595 |
| SHA256 | 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690 |
| SHA512 | f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c |
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt
| MD5 | e9b8fccdb78bf9d275b79c75b2ff3e7b |
| SHA1 | 4b549411ed4db0f0a3699e76531353c226b06a76 |
| SHA256 | 41ecfe0ffd6043a66a41bf9ea032712f2d1bbc19b434c6c666a107ee379f21e4 |
| SHA512 | 4ce905a31f3a410712722271abd7e0a9a6c43646b61a321912b4a8e8f6fab68ab69add1d701c501bb069b8ecb65ecaf3bfa9be983933d0234a8c81c24bc6601f |
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt
| MD5 | 56dcf7b68f70826262a6ffaffe6b1c49 |
| SHA1 | 12e4272ba0e4eabc610670cdc6941f942da1eb6a |
| SHA256 | 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f |
| SHA512 | c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2 |
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt
| MD5 | e04ad6c236b6c61fc53e2cb57ced87e8 |
| SHA1 | e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4 |
| SHA256 | 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e |
| SHA512 | 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331 |
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt
| MD5 | 31bd3d4d8de5af4642b21d586d5ee54d |
| SHA1 | 552bebb93c71cd8acd72558db1810530909fb276 |
| SHA256 | 52f256ded29ce22945b5bc0ef7a227189dfa91da69265ec13283a7067c239071 |
| SHA512 | cea49fc70b18a1294ec7e564ff7f4d1ff7efeb0db1cf1b088da6adcecc282569380f225e9a150d1666c5c1977ba4de0a5d9d667c72cfb8569a50546b978e9132 |
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt
| MD5 | eb8926608c5933f05a3f0090e551b15d |
| SHA1 | a1012904d440c0e74dad336eac8793ac110f78f8 |
| SHA256 | 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04 |
| SHA512 | 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a |
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt
| MD5 | 9b0b0e82f753cc115d87c7199885ad1b |
| SHA1 | 5743a4ab58684c1f154f84895d87f000b4e98021 |
| SHA256 | 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32 |
| SHA512 | b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df |
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt
| MD5 | 5462f47e56b978659ef56f196db013f4 |
| SHA1 | 4749824d4e909369f59217d4980963ff17353f3f |
| SHA256 | cbfbe91d4a4661df814ea447c03f4ca872ef3e27073a1eb746faccbfe75afc8a |
| SHA512 | 5a437968fc06619cf553ced32dba9c7c948f4364f02c8017986e9a4f09e9832b849c7e0567485ca1beba34a258d29b2612ea3ed6045c81777e9a5201139f81a3 |
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt
| MD5 | 7913f3f33839e3af9e10455df69866c2 |
| SHA1 | 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25 |
| SHA256 | 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c |
| SHA512 | 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804 |
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt
| MD5 | d75580775d67a85353189736222a8878 |
| SHA1 | ccb2275c8f5d119640064fd533ca15f30d93f331 |
| SHA256 | 10720923c1048502c5191d6d1d8580e35e707b24d457941dae94a87371af989a |
| SHA512 | 757dd94a1e3debb2520855a3d00e44e3a98b5764caf9c16c8d088fc1a1f1024eed742f1051635721f4bf2c00d1dac11fd975c09a7f5df78d1863de88f9bbf9fe |
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt
| MD5 | 7e1d15fc9ba66a868c5c6cb1c2822f83 |
| SHA1 | bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7 |
| SHA256 | fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265 |
| SHA512 | 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406 |
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt
| MD5 | 8958371646901eac40807eeb2f346382 |
| SHA1 | 55fb07b48a3e354f7556d7edb75144635a850903 |
| SHA256 | b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585 |
| SHA512 | 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554 |
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt
| MD5 | 18aaaf5ffcdd21b1b34291e812d83063 |
| SHA1 | aa9c7ae8d51e947582db493f0fd1d9941880429f |
| SHA256 | 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5 |
| SHA512 | 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154 |
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt
| MD5 | b9e30df8cf272813b121133fcf259752 |
| SHA1 | 16706f982f16d5feb9c808f94b8cfa50c23f5d80 |
| SHA256 | 88919d7be26fb3e06401fc0254733d92fd743ecc56da4177b41613e1f094c3e8 |
| SHA512 | 7beb65c0477b02742741a8ce23557f4f15e8cf1b1ef03a6bbadbf594bdf2cd686d7356d93719111d27b309a10ca75846765a13bb3eb4d0411785dfb13a675fc4 |
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt
| MD5 | 395286db3e67a59868e2662c326c541a |
| SHA1 | 716014d76622612a1bde2d4e1744d024f6d0b830 |
| SHA256 | 02e48ee4e10354a2b2741d2e57ef565404753779f847906b5ae5c98ede06c01b |
| SHA512 | 64cdf1e6701ea57474051e338eee74859fc0ff4acd71ee0718a9b8cd698e94a9793c1901b6791fc0fc268c53fbc1e7e2f94ac1024f3f8765bf713954c194b0fe |
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt
| MD5 | da69785dfbf494002f108dd73020183d |
| SHA1 | 34bb6061cdf120e7dced0402e588c3f712cf2dc0 |
| SHA256 | 8cce22e7f13486f2bc612dcc8fa31d81038e6084a350fa10299d40c3a7f878c8 |
| SHA512 | db773783b63ed1d66a59272e05304c174b69f85d2838ae8049dffed6b6b30c2011fd9042dd652f9a1733a2b6891870b426cf1985d41921e5360c9b1ae1330e20 |
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt
| MD5 | 594be5b10d9f551e551cf20eae0e6dfc |
| SHA1 | 191c20f5cb0c27ecc5a055fa2379694f5e27a610 |
| SHA256 | e350ca62e777da4da6d25885be96d48e7ce3acf021a74f2a4902354a1bf03fbb |
| SHA512 | e27bf6593a177c22e16ddf5a44d82b34b02063645a7fd63943b936028d9c433c89628038768a300c296c2d3bcab2ef6b8532a19f7283952d041865c704f62b0b |
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
| MD5 | 2fe6613e267857982d7df4368c9827ec |
| SHA1 | d520c7427b283e3ff167b850ab15352e46d328d3 |
| SHA256 | 2eba5f3f0b0dbcc2cd69c36c220a2355d1ba3cd67b6e25b5846c80e1604bcac0 |
| SHA512 | cf2fc8978adf54dce5700eda7d8beb4917c89bf5458131171eab95463e1b3a3315770f4baae07e498e8e36a8478f09e27054ca2d06b4542c86d8459360572be4 |
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt
| MD5 | 31a29061e51e245f74bb26d103c666ad |
| SHA1 | 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc |
| SHA256 | 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192 |
| SHA512 | f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8 |
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt
| MD5 | 03b664bd98485425c21cdf83bc358703 |
| SHA1 | 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb |
| SHA256 | fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115 |
| SHA512 | 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d |
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt
| MD5 | 6def4d3cf1453d5fb69d22fca29892a4 |
| SHA1 | 09fe62653e55668de75a9fc5b64949ea81eb4991 |
| SHA256 | 60c29f3c57c44c58daf69be797bfede31967b1ddfc9bb68cb7ddaa0acda67c8c |
| SHA512 | ee4f3f5dd8a8aadde9cff8f8aca8a45fa419c36fd8a4a7d3af9b71e1f7e5d9e1d01c329c70e6da53238822b536e35224e55004bf2e1af4ec17d5b56ccfc58549 |
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt
| MD5 | 239c03a3dc1c27993da724736d086cef |
| SHA1 | ff88246f8ea3502873dcbdc622378f006c58a2e6 |
| SHA256 | b387e2fb971297d3438acca130c53dfdd202ae2ca5b52d6503333734cda4fbfc |
| SHA512 | 656922e8f2dec46ef36efba5c85088c47b02e89f62b27559611fcbe6ef85c6cd8462a4532e2d2d7f4faa977ab24f0de6f5f72e3075f8889db9e6e60baa162a32 |
C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\modern-wizard.bmp
| MD5 | 3614a4be6b610f1daf6c801574f161fe |
| SHA1 | 6edee98c0084a94caa1fe0124b4c19f42b4e7de6 |
| SHA256 | 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b |
| SHA512 | 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281 |
C:\Users\Admin\AppData\Local\Temp\nsmFD8C.tmp\StdUtils.dll
| MD5 | 98a4efba4e4b566dc3d93d2d9bfcab58 |
| SHA1 | 8c54ae9fcec30b2beea8b6af4ead0a76d634a536 |
| SHA256 | e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48 |
| SHA512 | 2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2d33917e8a7c4bb5b8df7393355bb56b |
| SHA1 | 5e85b5a85fde67f044f83c59d5e56eff62d3d5ef |
| SHA256 | 493acbd01766970d5ca8af20ad5f3bb4e4faed916929f795258ae7433d4e323e |
| SHA512 | 6ab88a4f9f5e2f4a3d800ef92798c476fe2d4c332e372df7eab94b88805fce23d5a3a3f995bbee0c47aafc83e46f0f031fff45554476450c05c81fe51c08339c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fb553297134966aeac20fbc59249a7d9 |
| SHA1 | d279a98760b4ad92eb7f859270ee8f60a95f18e0 |
| SHA256 | 4fb4e647616b2a87b7f0655de33d8da8c4796b10c348cf8add793803eee673de |
| SHA512 | 58eb6ea32a64291b87a0043162b3d6d19982c5975cbd6aaab43ba70b21ddcb52dbc0c5e19574a68476076b077fc7331ab7e49e41dfab5eea6976431086926098 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 77ff617c311cea1836480f71f3d80ead |
| SHA1 | 74a49b97281fd2b104ddc991bedd367d8a2a3cd1 |
| SHA256 | f1583e7661ca87c9011ebce26cc0d5b49ce4938f750805ad4e35216b9cae26d4 |
| SHA512 | c0f46cde8b75abff1350980cd4777168b0e5f5d94a60b321aeeacc8826015db172dcb683fb5b86cf27ce3a06bbcb6991e0ba4d31ae4589c1e0e4285992cfae3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21db6b5fe031fe07d4a04bf31b2fa3ff |
| SHA1 | 961288dc1028e8a3d9b9ab8a5fc2cf1eb9643db1 |
| SHA256 | 249217f49bc763e19aec9167664aa2d61bfb03cfa31e77d40994c0f4ca65ef54 |
| SHA512 | cc5f48db9c83ac797d833aaf16a0658980016b9c5fa0c7bf8b7fa109d5bc8d4449dff073f80dd0818e117d6da77bb98701a17146428f88e2fa3277cdb9581a9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 43c1271cabf0aa48ab993eef3c6d07f7 |
| SHA1 | 853279f515923561d8634d5077f333665448b32a |
| SHA256 | 6a369d86b4d03d434749557378aedf0ef368e684d58d3289d557fb5c83c5b6c4 |
| SHA512 | abeda0d90be876e99af3f633c4afa8168ebf0bb69275dae0669acdf4f20127d6673ab25727c0186a7a62bce4c4edad8545851d148bb0758af0abc2c07f7b9f32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fa73b343b07db336ba6caef2e089fc5d |
| SHA1 | 5563cc6e72ea86dad2ffd2a5ce1c3cdb6dace68e |
| SHA256 | ba65345ddf802c64aecfc09626c83e830a457a9c79388d04d4a3a3d39dd79cc9 |
| SHA512 | a17dff694e767e62e1e6702496cd5827db6c658bcb0f34475af4872e684b3ee123fd25224e350d85df986707b05ec216563c39a7c3401e8691621b211289276c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e7c8381a9834d8577d48b8a71405af1 |
| SHA1 | 5dcd831c13b4078994c3d36030c699b6bef96964 |
| SHA256 | 7ac801bc9be83830f78d6e42e64d001d734490150fc0e2bcda0156a24fa95837 |
| SHA512 | 989a87e16aaaee40a67310bca147a0bceaf03476d881af566ff82b3096671879cda0cf15417931fe81b4afe69962e968538547e9d38d4a96ea5fe4c336bbb1b4 |
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_
| MD5 | 577b7286c7b05cecde9bea0a0d39740e |
| SHA1 | 144d97afe83738177a2dbe43994f14ec11e44b53 |
| SHA256 | 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824 |
| SHA512 | 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0 |
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
| MD5 | 00bf35778a90f9dfa68ce0d1a032d9b5 |
| SHA1 | de6a3d102de9a186e1585be14b49390dcb9605d6 |
| SHA256 | cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2 |
| SHA512 | 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041 |
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
| MD5 | 836dd6b25a8902af48cd52738b675e4b |
| SHA1 | 449347c06a872bedf311046bca8d316bfba3830b |
| SHA256 | 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64 |
| SHA512 | 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e14ff6bc105c9726b18109c8d559458 |
| SHA1 | 5782c31f78ae2d828a90e24833af406f8a83a2b6 |
| SHA256 | 44fc07d6db4ef635da48570ec6e138a197e9c3c3cc9105542222968749c58988 |
| SHA512 | 7c489c701bca29306c99b1e9b84a431a1c52b1192a7d354ab68486643403d4c113d4a259c8fedb2cbe8797c6019b262437a498dd264a808c6842ee85336df75d |
memory/440-13165-0x0000000000930000-0x0000000000DA6000-memory.dmp
memory/5156-13171-0x00007FFE0C5F0000-0x00007FFE0C5F1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4741d595a58d4a483ebc13165827f84c |
| SHA1 | 1b2b110a31689eeab685b904b1bec31341cb01da |
| SHA256 | e123d82ec0f3674f1080e4f8e0d05abc6fb0a924b12cd58cfab7ef05690039c0 |
| SHA512 | 7cbe04a2f950d8a3fc33edec4139cacb85a9bfface159e398b82a9898d916549662134f6e72600034e66232c95aa5f71ae68848282de3b4d9572a4a04842ab33 |
memory/5276-13194-0x00007FFE0D670000-0x00007FFE0D671000-memory.dmp
memory/5276-13195-0x00007FFE0DC10000-0x00007FFE0DC11000-memory.dmp
memory/5276-13237-0x0000017FB34B0000-0x0000017FB351B000-memory.dmp
memory/5276-13238-0x0000017FB3520000-0x0000017FB35CD000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0d6ff6e2778733a7356d3e1ec84df329 |
| SHA1 | c30599d979433cff63151db10f330a436e254a01 |
| SHA256 | 1dc0e10ce8fbfaa86727ae85d8b6bc84ebf95af6150328734732235335ae1ed8 |
| SHA512 | 9e44c40c0ef80f1d3fa5d08e9329c1b3a71553c3c9db05cc544a78c4d417c50583615c15c8a13968582ff62fa8ddf13d66205ef632a092c0a9d730358bee30d0 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 69fb0b60b374c2f840a241fb3592f369 |
| SHA1 | 6b1f4ed024d77066dc02cdae7c085e7cdea497a9 |
| SHA256 | 083a0ae159f9850f0b60722e9f699b38948467ae0fc486d2a90d3681a2d424c4 |
| SHA512 | 4323d3b9c36fc1b8e5ac50da96fe9e90534456b566aec96acb1bf15706e15c902cd2763450f4bd7a5d9aca69ea75843b42ac8df39d3f39dbf11e295f2d58302c |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe596f2b.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Autorun1.jpg
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Dark.png
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Install.png
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Uninstall.png
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Exit.png
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Tile1_Icon1.png
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Tile1_Background.jpg
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Lockscreen.jpg
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\logo.png
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Lockscreen_overlay.png
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Setup1.jpg
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\botva2.dll
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\cls-srep.dll
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Binaries\XNA\Localization.dll
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\gamemd.exe.manifest
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Allied Theme\scoreviewerpanelbg.png
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\50percenttransparent.png
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\missionselectorbg.png
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\racbl.png
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\racbr.png
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\Resources\Yuri Theme\sbBackground.png
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Uninstall\unins000.exe
C:\Users\Admin\AppData\Local\Temp\is-V0MM7.tmp\Light.png
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\Launcher\Icons\Icon.ico
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\Launcher\Images\CnCRA2_R2PLauncher_ENG.jpg
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\ra2md.ini
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\ra2.ini
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\ddraw.ini
C:\Program Files (x86)\DODI-Repacks\Red Alert 2\Game\R2PVersion.ini
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index