Malware Analysis Report

2025-03-15 00:49

Sample ID 240626-nhkmwasdmc
Target https://store.steampowered.com/about/
Tags
defense_evasion discovery persistence privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://store.steampowered.com/about/ was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery persistence privilege_escalation

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Drops desktop.ini file(s)

Checks installed software on the system

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in Program Files directory

Enumerates physical storage devices

Access Token Manipulation: Create Process with Token

Suspicious use of SetWindowsHookEx

NTFS ADS

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies system certificate store

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 11:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 11:23

Reported

2024-06-26 11:34

Platform

win10v2004-20240611-en

Max time kernel

600s

Max time network

607s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/about/

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\osu!\osu!.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\osu!install.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Steam\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe N/A
N/A N/A C:\Windows\Temp\{5395C4F6-4CBA-4844-A4A2-9E478951585C}\.cr\VC_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{2162D712-D866-4E46-84B4-CE73E8428EEF}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\x64launcher.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\x64launcher.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\x64launcher.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\x64launcher.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\osu!\osu!.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\osu!\osu!.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\osu!\osu!.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_lg.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_triangle_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_up.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_r_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\kn.pak_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\1289310_icon.jpg C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\bump_paper_w.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lb_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_norwegian-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l2_half_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_button_x_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\workshop\downloads\980610\2163546266\4k\Editor\note-hitobject-1.png C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\overlay_sc_schinese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_rb_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_right_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rb_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_button_options_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7\api-ms-win-core-handle-l1-1-0.dll_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\dumps\metadata C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber12.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_swipe_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_y_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\DialogCheckForUpdates.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_060_vehicle_9999.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_touch_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\1580130_icon.jpg C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0030.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_down_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_l2_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_polish.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\downloading\980610\System.Threading.Channels.dll C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0403.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_plus.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_lt_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_up_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_ring_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_xbox360_gamepad_joystick.vdf_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_edge_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_outlined_button_x_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\steamapps\common\Quaver\Logs\network.log C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_danish.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0130.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\osx_max_down_new.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\downloading\980610\System.Console.dll C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_touch_doubletap_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\ssa\eula_french_bigpicture.html_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\1070910_library_hero.jpg C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\workshop\downloads\980610\2163546266\7k\Editor\note-holdend-3.png C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_swipe_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOffRight.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_outlined_button_triangle_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_l2_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_r_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\228980_library_hero_blur.jpg C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\c4.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_button_view_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_down_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\70_header.jpg C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0323.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0318.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p4.svg_ C:\Program Files (x86)\Steam\steam.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Steam\steamservice.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\ = "URL:Quaver" C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\shell\open\command\ = "\"C:\\Program Files (x86)\\Steam\\steamapps\\common\\Quaver\\Quaver.exe\" \"%1\"" C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\URL Protocol C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\URL Protocol C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\DefaultIcon\ = "C:\\Program Files (x86)\\Steam\\steamapps\\common\\Quaver\\Quaver.exe,1" C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steam C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\ = "URL:Quaver" C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\URL Protocol C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{BDBA87BD-6EB5-42E6-873B-B6D002B5B9C5} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{18D7A1C3-10C2-4ABE-A1B6-ADA55A1895F3} C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{320E5FDC-737F-4481-AFF9-8BF3C86C0C28} C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\shell\open C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{8BC29288-5B91-44CA-B146-395577753713} C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\DefaultIcon\ = "C:\\Program Files (x86)\\Steam\\steamapps\\common\\Quaver\\Quaver.exe,1" C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\shell C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\URL Protocol C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\quaver\ = "URL:Quaver" C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7 C:\Users\Admin\AppData\Local\osu!\osu!.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\Downloads\osu!install.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\Downloads\osu!install.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\Downloads\osu!install.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B C:\Users\Admin\AppData\Local\osu!\osu!.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 232226.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 142967.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Steam\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe N/A
N/A N/A C:\Windows\Temp\{5395C4F6-4CBA-4844-A4A2-9E478951585C}\.cr\VC_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{2162D712-D866-4E46-84B4-CE73E8428EEF}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1912 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 5536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/about/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb53f46f8,0x7ffbb53f4708,0x7ffbb53f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=14004" "-buildid=1718904662" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1718904662 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ffba3faee38,0x7ffba3faee48,0x7ffba3faee58

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1672 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2188 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4ac 0x4fc

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2552 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3676 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4344 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4280 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4716 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4292 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4024 --field-trial-handle=1732,i,17872694798025548766,8555059668648326500,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=14004" "-buildid=1718904662" "-steamid=76561198934396786" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=1" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1718904662 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ffba3faee38,0x7ffba3faee48,0x7ffba3faee58

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1676 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2244 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2528 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3636 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3208 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3216 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3136 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4460 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3924 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3860 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1808 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4700 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4820 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4816 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4376 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4956 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Common Files\Steam\steamservice.exe

"C:\Program Files (x86)\Common Files\Steam\steamservice.exe" /installscript "C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\runasadmin.vdf" 980610

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\Microsoft Visual C++ 2015 x86.cmd" "

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x86.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\\vc_redist.x86" /q /norestart

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x86.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x86.exe" /q /norestart -burn.unelevated BurnPipe.{CF71A155-E5BD-4554-B679-EE71BD5159A2} {4F8AED9E-8242-4DB9-A504-B211B17EBDA3} 11488

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\Microsoft Visual C++ 2015 x64.cmd" "

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x64.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\\vc_redist.x64.exe" /q /norestart

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x64.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x64.exe" /q /norestart -burn.unelevated BurnPipe.{624BDC6F-7890-4418-A95C-512F94B77744} {0F5F00EA-F859-4353-81BC-C05E1D64306A} 13976

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\Microsoft Visual C++ 2017 x86.cmd" "

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x86.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\\vc_redist.x86" /q /norestart

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x86.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x86.exe" /q /norestart -burn.unelevated BurnPipe.{23F1F322-9FF3-4297-9301-872E2F4F166D} {27B71693-1859-484B-BD08-796FA72A415A} 13468

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\Microsoft Visual C++ 2017 x64.cmd" "

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x64.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\\vc_redist.x64.exe" /q /norestart

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x64.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x64.exe" /q /norestart -burn.unelevated BurnPipe.{19CEAFC1-42C8-4E1D-96E7-9E9FCE9BB9C7} {A8CC8F87-0616-4638-93C4-56D890447CF8} 7220

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x86.cmd" "

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\\VC_redist.x86.exe" /q /norestart

C:\Windows\Temp\{5395C4F6-4CBA-4844-A4A2-9E478951585C}\.cr\VC_redist.x86.exe

"C:\Windows\Temp\{5395C4F6-4CBA-4844-A4A2-9E478951585C}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe" -burn.filehandle.attached=728 -burn.filehandle.self=732 /q /norestart

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x64.cmd" "

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe

"C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\\VC_redist.x64.exe" /q /norestart

C:\Windows\Temp\{2162D712-D866-4E46-84B4-CE73E8428EEF}\.cr\VC_redist.x64.exe

"C:\Windows\Temp\{2162D712-D866-4E46-84B4-CE73E8428EEF}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe" -burn.filehandle.attached=584 -burn.filehandle.self=572 /q /norestart

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=5064 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe

"C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe"

C:\Program Files (x86)\Steam\bin\x64launcher.exe

"C:\Program Files (x86)\Steam\bin\x64launcher.exe" -hproc 11c8 -hthread 1270 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer64.dll

C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe

"C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe"

C:\Program Files (x86)\Steam\bin\x64launcher.exe

"C:\Program Files (x86)\Steam\bin\x64launcher.exe" -hproc 1528 -hthread 1564 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer64.dll

C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe

"C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe"

C:\Program Files (x86)\Steam\bin\x64launcher.exe

"C:\Program Files (x86)\Steam\bin\x64launcher.exe" -hproc 15bc -hthread 1158 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer64.dll

C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe

"C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe"

C:\Program Files (x86)\Steam\bin\x64launcher.exe

"C:\Program Files (x86)\Steam\bin\x64launcher.exe" -hproc 1080 -hthread 1304 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer64.dll

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2116 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=76561198934396786 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1668 --field-trial-handle=1736,i,18095914785336336353,7590287729885509121,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=6360" "-buildid=1718904662" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1718904662 --initial-client-data=0x35c,0x360,0x364,0x338,0x368,0x7ffba41aee38,0x7ffba41aee48,0x7ffba41aee58

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1676 --field-trial-handle=1732,i,13735632023384721772,1474290065258274137,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2240 --field-trial-handle=1732,i,13735632023384721772,1474290065258274137,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2552 --field-trial-handle=1732,i,13735632023384721772,1474290065258274137,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718904662 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1732,i,13735632023384721772,1474290065258274137,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,15325310554548205950,9727382194542371407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:8

C:\Users\Admin\Downloads\osu!install.exe

"C:\Users\Admin\Downloads\osu!install.exe"

C:\Users\Admin\AppData\Local\osu!\osu!.exe

"C:\Users\Admin\AppData\Local\osu!\osu!.exe"

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Users\Admin\AppData\Local\osu!\osu!.exe

"C:\Users\Admin\AppData\Local\osu!\osu!.exe"

C:\Users\Admin\AppData\Local\osu!\osu!.exe

"C:\Users\Admin\AppData\Local\osu!\osu!.exe"

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 store.steampowered.com udp
US 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 136.193.25.184.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
BE 23.14.90.96:443 store.akamai.steamstatic.com tcp
BE 23.14.90.96:443 store.akamai.steamstatic.com tcp
BE 23.14.90.96:443 store.akamai.steamstatic.com tcp
BE 23.14.90.96:443 store.akamai.steamstatic.com tcp
BE 23.14.90.96:443 store.akamai.steamstatic.com tcp
BE 23.14.90.96:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
BE 23.14.90.96:443 store.akamai.steamstatic.com tcp
BE 23.14.90.96:443 store.akamai.steamstatic.com tcp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
BE 23.14.90.90:443 cdn.akamai.steamstatic.com tcp
BE 23.14.90.90:443 cdn.akamai.steamstatic.com tcp
BE 23.14.90.90:443 cdn.akamai.steamstatic.com tcp
BE 23.14.90.90:443 cdn.akamai.steamstatic.com tcp
BE 23.14.90.90:443 cdn.akamai.steamstatic.com tcp
BE 23.14.90.97:443 shared.akamai.steamstatic.com tcp
BE 23.14.90.97:443 shared.akamai.steamstatic.com tcp
BE 23.14.90.97:443 shared.akamai.steamstatic.com tcp
BE 23.14.90.97:443 shared.akamai.steamstatic.com tcp
BE 23.14.90.97:443 shared.akamai.steamstatic.com tcp
BE 23.14.90.97:443 shared.akamai.steamstatic.com tcp
BE 23.14.90.90:443 cdn.akamai.steamstatic.com tcp
US 8.8.8.8:53 96.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 90.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
BE 23.14.90.96:443 store.akamai.steamstatic.com tcp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 help.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
BE 104.68.92.92:443 steamcommunity.com tcp
BE 104.68.92.92:443 steamcommunity.com tcp
US 8.8.8.8:53 92.92.68.104.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
BE 23.14.90.74:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 74.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 r11.o.lencr.org udp
NL 23.63.101.170:80 r11.o.lencr.org tcp
BE 23.14.90.74:443 cdn.steamstatic.com tcp
BE 23.14.90.74:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 test.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
GB 88.221.88.8:80 test.steampowered.com tcp
US 8.8.8.8:53 8.88.221.88.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
N/A 127.0.0.1:53941 tcp
N/A 127.0.0.1:53940 tcp
BE 104.68.92.92:443 api.steampowered.com tcp
US 8.8.8.8:53 ext2-maa2.steamserver.net udp
US 155.133.225.21:27034 ext2-maa2.steamserver.net tcp
US 8.8.8.8:53 ext1-maa2.steamserver.net udp
US 155.133.225.20:27020 ext1-maa2.steamserver.net tcp
US 8.8.8.8:53 ext2-bom2.steamserver.net udp
IN 155.133.224.23:27020 ext2-bom2.steamserver.net tcp
IN 155.133.224.23:27033 ext2-bom2.steamserver.net tcp
IN 155.133.224.23:443 ext2-bom2.steamserver.net tcp
US 155.133.225.20:443 ext1-maa2.steamserver.net tcp
US 8.8.8.8:53 ext2-sgp1.steamserver.net udp
SG 103.10.124.123:27034 ext2-sgp1.steamserver.net tcp
US 8.8.8.8:53 ext1-sgp1.steamserver.net udp
SG 103.10.124.122:27032 ext1-sgp1.steamserver.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 21.225.133.155.in-addr.arpa udp
US 8.8.8.8:53 20.225.133.155.in-addr.arpa udp
US 8.8.8.8:53 23.224.133.155.in-addr.arpa udp
SG 103.10.124.122:443 ext1-sgp1.steamserver.net tcp
US 8.8.8.8:53 ext7-hkg1.steamserver.net udp
HK 103.28.54.173:27037 ext7-hkg1.steamserver.net tcp
US 8.8.8.8:53 122.124.10.103.in-addr.arpa udp
US 8.8.8.8:53 123.124.10.103.in-addr.arpa udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 173.54.28.103.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
GB 142.250.187.206:443 tcp
NL 209.85.226.10:443 udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.226.85.209.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
GB 216.58.204.67:443 tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
N/A 10.127.255.255:27036 udp
US 8.8.8.8:53 clientconfig.akamai.steamstatic.com udp
US 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 199.252.19.2.in-addr.arpa udp
US 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
GB 88.221.88.34:443 cdn.steamstatic.com tcp
GB 88.221.87.176:443 steamstore-a.akamaihd.net tcp
GB 88.221.88.34:443 cdn.steamstatic.com tcp
GB 88.221.88.34:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 avatars.steamstatic.com udp
GB 88.221.87.176:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.176:443 steamstore-a.akamaihd.net tcp
GB 88.221.88.56:80 avatars.steamstatic.com tcp
GB 88.221.88.56:80 avatars.steamstatic.com tcp
GB 88.221.88.56:80 avatars.steamstatic.com tcp
US 8.8.4.4:443 dns.google udp
US 184.25.193.136:443 store.steampowered.com tcp
US 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 34.88.221.88.in-addr.arpa udp
US 8.8.8.8:53 176.87.221.88.in-addr.arpa udp
US 8.8.8.8:53 56.88.221.88.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 184.25.193.136:443 store.steampowered.com tcp
BE 104.68.92.92:443 steamcommunity.com tcp
BE 104.68.92.92:443 steamcommunity.com tcp
BE 104.68.92.92:443 steamcommunity.com tcp
BE 104.68.92.92:443 steamcommunity.com tcp
GB 88.221.88.49:443 tcp
GB 88.221.88.56:443 avatars.steamstatic.com tcp
US 8.8.8.8:53 49.88.221.88.in-addr.arpa udp
US 8.8.8.8:53 crash.steampowered.com udp
US 208.64.203.140:443 crash.steampowered.com tcp
GB 88.221.87.176:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.176:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.176:443 steamstore-a.akamaihd.net tcp
US 8.8.8.8:53 140.203.64.208.in-addr.arpa udp
N/A 127.0.0.1:27060 tcp
N/A 127.0.0.1:53941 tcp
N/A 127.0.0.1:53940 tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 184.25.193.136:443 store.steampowered.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 steamcommunity.com udp
BE 104.68.92.92:443 steamcommunity.com tcp
US 208.64.203.140:443 crash.steampowered.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
N/A 127.0.0.1:53941 tcp
N/A 127.0.0.1:53940 tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
US 8.8.8.8:53 171.87.221.88.in-addr.arpa udp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
BE 104.68.92.92:443 steamcommunity.com tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.88.41:443 tcp
GB 88.221.88.41:443 tcp
GB 88.221.88.41:443 tcp
GB 88.221.88.41:443 tcp
GB 88.221.88.42:443 tcp
GB 88.221.88.41:443 tcp
GB 88.221.88.41:443 tcp
GB 88.221.88.34:443 cdn.steamstatic.com tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.88.33:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 41.88.221.88.in-addr.arpa udp
US 8.8.8.8:53 42.88.221.88.in-addr.arpa udp
US 8.8.8.8:53 33.88.221.88.in-addr.arpa udp
US 184.25.193.136:443 store.steampowered.com tcp
US 184.25.193.136:443 store.steampowered.com tcp
US 184.25.193.136:443 store.steampowered.com tcp
GB 88.221.88.56:443 avatars.steamstatic.com tcp
GB 88.221.88.34:443 cdn.steamstatic.com tcp
GB 88.221.88.34:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
BE 104.68.92.92:443 api.steampowered.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
GB 88.221.87.171:443 steamstore-a.akamaihd.net tcp
US 184.25.193.136:443 store.steampowered.com tcp
GB 88.221.88.56:443 avatars.steamstatic.com tcp
US 184.25.193.136:443 store.steampowered.com tcp
GB 88.221.88.56:443 avatars.steamstatic.com tcp
GB 88.221.88.56:443 avatars.steamstatic.com tcp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 8.8.8.8:53 cache15-lhr1.steamcontent.com udp
GB 162.254.196.25:443 cache15-lhr1.steamcontent.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 88.221.87.81:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cache7-lhr1.steamcontent.com udp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
US 8.8.8.8:53 81.87.221.88.in-addr.arpa udp
US 8.8.8.8:53 6.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 25.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 cache11-lhr1.steamcontent.com udp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 88.221.87.81:80 e6.o.lencr.org tcp
US 8.8.8.8:53 18.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 cache1-lhr1.steamcontent.com udp
GB 162.254.196.3:443 cache1-lhr1.steamcontent.com tcp
US 8.8.8.8:53 3.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 cdn.steamstatic.com udp
GB 88.221.88.33:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 steamcloud-london.storage.googleapis.com udp
GB 142.250.187.219:443 steamcloud-london.storage.googleapis.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
US 8.8.8.8:53 219.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.200.3:80 o.pki.goog tcp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 8.8.8.8:443 dns.google udp
GB 216.58.204.67:443 tcp
GB 216.58.204.67:443 udp
US 8.8.8.8:53 api.steampowered.com udp
BE 104.68.92.92:443 api.steampowered.com tcp
US 8.8.4.4:443 dns.google udp
GB 88.221.87.194:443 tcp
GB 88.221.87.194:443 tcp
US 8.8.8.8:53 194.87.221.88.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
BE 104.68.92.92:443 api.steampowered.com tcp
US 8.8.8.8:53 test.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
GB 88.221.88.8:80 test.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
N/A 127.0.0.1:62192 tcp
N/A 127.0.0.1:62191 tcp
US 8.8.8.8:53 api.steampowered.com udp
BE 104.68.92.92:443 api.steampowered.com tcp
GB 162.254.196.67:27017 udp
GB 162.254.196.67:27018 udp
GB 162.254.196.68:27017 udp
US 8.8.8.8:53 67.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 68.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
NL 23.62.61.171:443 www.bing.com tcp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.138:443 login.microsoftonline.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 osu.ppy.sh udp
US 104.22.74.180:443 osu.ppy.sh tcp
US 104.22.74.180:443 osu.ppy.sh tcp
US 8.8.8.8:53 180.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 platform.enchant.com udp
US 54.197.182.42:443 platform.enchant.com tcp
GB 142.250.180.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 enchantwidgets-1358.kxcdn.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 184.2.17.104.in-addr.arpa udp
US 8.8.8.8:53 42.182.197.54.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 www.google.com udp
NL 185.172.149.104:443 enchantwidgets-1358.kxcdn.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.201.97:443 yt3.ggpht.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
US 104.22.74.180:443 osu.ppy.sh tcp
US 8.8.8.8:53 104.149.172.185.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 m1.ppy.sh udp
US 162.243.70.14:443 m1.ppy.sh tcp
US 162.243.70.14:443 m1.ppy.sh tcp
US 8.8.8.8:53 14.70.243.162.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 osu.ppy.sh udp
US 104.22.74.180:443 osu.ppy.sh tcp
US 8.8.8.8:53 m3.ppy.sh udp
US 8.8.8.8:53 m1.ppy.sh udp
US 8.8.8.8:53 m2.ppy.sh udp
US 162.243.70.14:443 m1.ppy.sh tcp
US 162.243.70.14:443 m1.ppy.sh tcp
US 162.243.70.14:443 m1.ppy.sh tcp
US 162.243.70.14:443 m1.ppy.sh tcp
US 162.243.70.14:443 m1.ppy.sh tcp
NL 37.139.15.128:443 m3.ppy.sh tcp
NL 37.139.15.128:443 m3.ppy.sh tcp
NL 37.139.15.128:443 m3.ppy.sh tcp
NL 37.139.15.128:443 m3.ppy.sh tcp
NL 37.139.15.128:443 m3.ppy.sh tcp
NL 37.139.15.128:443 m3.ppy.sh tcp
NL 37.139.3.23:443 m2.ppy.sh tcp
NL 37.139.3.23:443 m2.ppy.sh tcp
NL 37.139.3.23:443 m2.ppy.sh tcp
NL 37.139.3.23:443 m2.ppy.sh tcp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 128.15.139.37.in-addr.arpa udp
US 8.8.8.8:53 23.3.139.37.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.19.252.134:443 aefd.nelreports.net tcp
US 2.19.252.134:443 aefd.nelreports.net udp
US 8.8.8.8:53 134.252.19.2.in-addr.arpa udp
US 104.22.74.180:443 osu.ppy.sh tcp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b704c9ca0493bd4548ac9c69dc4a4f27
SHA1 a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

\??\pipe\LOCAL\crashpad_1912_CWEXFINHZCQAXGVL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1 86174e670c44767c08a39cc2a53c09c318326201
SHA256 e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512 a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b39ed0290decf0d5fdf3e39240ac82a
SHA1 3568897bf7e0d240fd31c2a50f7b5325ff765311
SHA256 190041b89af4dd9627807d31b4f6932ce824085e3bfbb136393c0c8237a4ecbc
SHA512 05091afd8d02dbb3b454c063be3e9e46c9e0417ec0addbaa48c0f58f953dbbc6728f41de8460e0eac12464cf5ddbdb22f1d41abd1145c9c521088f223325ca9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d42c85c4ad9c0fdf81c8e140d35a73b5
SHA1 52f4c0c1f84d0841c1b5da2707c35aaf8f68cf66
SHA256 bcd5f4ea32148439fb50e9d086fdb67d889ecf3058bfdcddfebaad152f294ca4
SHA512 ad3648574e3426f86c4ddb716030b23fdd6f2326805af53433b3d3e473ca2aca6d3ee3e190df4f6fb3c9b023de4ad2ed92f808c83b3506ac25c3d9c12fca5a1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c5c1868f5ed646b910b050362f5abfd
SHA1 3cb6a2381a546c7454af98a8a6099963e21249c4
SHA256 8ddfa3a52aa1e7a7029273885397421a1f7ea43c941e11fccc5cac19da6b609e
SHA512 64d5e19f9b9ec86d16d842d126ae237dcbab3b1581943c36cb14f8304001dd6fe92aa21c691c0faa61f4d860e0119839891f8ed34b9b9c3c4cd3a66e27120b84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2a0c14f6407cd5a45994ceffb258c1d6
SHA1 0181490920c7350823ab9d9133e88618cd9e427d
SHA256 a72dbd861369fd30e07b1f362afd235af76aa459174c2ba30ea8ef165ab797ab
SHA512 bed844afb6a92437b748a5ce5fb3e9e520d906c1e23b7482eaf272e444b4fcd4e08da0959845219aff5c02b6aea52c22335145d3105086938a8a9212c5317972

C:\Users\Admin\Downloads\Unconfirmed 232226.crdownload

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e17e8af47c08462841cde9e3f28f78dd
SHA1 58dac6bb09b27bc66958db89458cbffa3ec2ba0b
SHA256 c1cbf960287e0af04d5f6b48d9fec091953c03a1c1e2b17517e93263a7a4c333
SHA512 07f94e92b4f5119206d18fb773d9952820101e77a29a37bd7279b9fb8de17e87d39f5c1ce37ac33ef7dee5cd87800eeb31aa8b1b312114cb8ae05d00171d14e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5798b6.TMP

MD5 2cdac1a72e3145b65dab9fe5c1049b58
SHA1 3067878365fb239026488472d25282562bd87227
SHA256 d7e2915ed8fde8b0111ec879600d445a4f7844e79e7a7472b2343e3df73b768d
SHA512 9b9586aeecc32aa10a41f0510fd42694a64f541357c06fd0eb5351f738bf942040d3c09163c2f440d928478ad638e429907d8363cc709ffe9332ce6d75548fc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9c8d59502d6bfdba85958d6432f00f2
SHA1 476630965229c7b4bafedfb1362aca76dde634cf
SHA256 4d9eb7d5ea5dfa5420225cbcc8a80c9abb68847fed40e244760bf0d99daad14b
SHA512 c1698d91f3a217cfc3ea32b5363eb3a18c11947fc2a64630823746add0f8d4e140c14c212d068650d06e4024ecfcce1fad5cfdfdb7c0186960c1dfb592dc8e99

C:\Users\Admin\AppData\Local\Temp\nszD16B.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nszD16B.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8f616ebd1c0e24daef9f689720a04c52
SHA1 258c7fe2b21c2ab724f616e9242cc918933bd62a
SHA256 3bcbb58a7626f3cec577cb77e79d87f88719696159fe491720d5ca52af6e4265
SHA512 49651826854c72bd885cff2ececb3260d8e629b3b1034b82a281502104565a7ac5174c28ff6b28dc9afefce5cbee7f4a56649adb47c26a269ad4e2d461b8121e

C:\Users\Admin\AppData\Local\Temp\nszD16B.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nszD16B.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Program Files (x86)\Steam\bin\SteamService.exe

MD5 ba0ea9249da4ab8f62432617489ae5a6
SHA1 d8873c5dcb6e128c39cf0c423b502821343659a7
SHA256 ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d
SHA512 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

MD5 66456d2b1085446a9f2dbd9e4632754b
SHA1 8da6248b57e5c2970d853b8d21373772a34b1c28
SHA256 c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4
SHA512 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

MD5 f350c8747d77777f456037184af9212c
SHA1 753d8c260b852a299df76c4f215b0d2215f6a723
SHA256 15b6a564e05857a3d2fd6eec85a5a30c491a7553d15ffc025156b3665b919185
SHA512 efb86809a0b357b4fcd3ba2770c97d225d0f4d9fb7430c515e847c3dd77ee109def4bef11b650b9773c17050e618008fc03377638c1db3393ac780b5b0bc31b2

C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

MD5 cadd7a2f359b22580bdd6281ea23744d
SHA1 e82e790a7561d0908aee8e3b1af97823e147f88b
SHA256 3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99
SHA512 53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

MD5 29f9a5ab4adfae371bf980b82de2cb57
SHA1 6f7ef52a09b99868dd7230f513630ffe473eddf8
SHA256 711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f
SHA512 543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

MD5 53f7e8ac1affb04bf132c2ca818eb01e
SHA1 bffc3e111761e4dc514c6398a07ffce8555697f6
SHA256 488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83
SHA512 c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

MD5 194a73f900a3283da4caa6c09fefcb08
SHA1 a7a8005ca77b9f5d9791cb66fcdf6579763b2abb
SHA256 5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6
SHA512 25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

MD5 b2248784049e1af0c690be2af13a4ef3
SHA1 aec7461fa46b7f6d00ff308aa9d19c39b934c595
SHA256 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690
SHA512 f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

MD5 56dcf7b68f70826262a6ffaffe6b1c49
SHA1 12e4272ba0e4eabc610670cdc6941f942da1eb6a
SHA256 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f
SHA512 c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

MD5 e04ad6c236b6c61fc53e2cb57ced87e8
SHA1 e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4
SHA256 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e
SHA512 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

MD5 6367f43ea3780c4ee166454f5936b1a8
SHA1 027a2c24c8320458c49cd78053f586cb4d94ee6f
SHA256 f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998
SHA512 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

MD5 eb8926608c5933f05a3f0090e551b15d
SHA1 a1012904d440c0e74dad336eac8793ac110f78f8
SHA256 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04
SHA512 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

MD5 9b0b0e82f753cc115d87c7199885ad1b
SHA1 5743a4ab58684c1f154f84895d87f000b4e98021
SHA256 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32
SHA512 b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

MD5 58e0fcbee3cca4ef61b97928cfe89535
SHA1 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b
SHA256 c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425
SHA512 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

MD5 7913f3f33839e3af9e10455df69866c2
SHA1 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25
SHA256 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c
SHA512 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

MD5 202b825d0ef72096b82db255c4e747fa
SHA1 3a3265e5bbaa1d1b774195a3858f29cea75c9e75
SHA256 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314
SHA512 e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

MD5 7e1d15fc9ba66a868c5c6cb1c2822f83
SHA1 bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7
SHA256 fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265
SHA512 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

MD5 8958371646901eac40807eeb2f346382
SHA1 55fb07b48a3e354f7556d7edb75144635a850903
SHA256 b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585
SHA512 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

MD5 1514d082b672b372cdfb8dd85c3437f1
SHA1 336a01192edb76ae6501d6974b3b6f0c05ea223a
SHA256 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4
SHA512 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

MD5 18aaaf5ffcdd21b1b34291e812d83063
SHA1 aa9c7ae8d51e947582db493f0fd1d9941880429f
SHA256 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5
SHA512 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

MD5 189ba063d1481528cbd6e0c4afc3abaa
SHA1 40bdd169fcc59928c69eea74fd7e057096b33092
SHA256 c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695
SHA512 ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

MD5 5c026fd6072a7c5cf31c75818cddedec
SHA1 341aa1df1d034e6f0a7dff88d37c9f11a716cae6
SHA256 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382
SHA512 f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

MD5 10c429eb58b4274af6b6ef08f376d46c
SHA1 af1e049ddb9f875c609b0f9a38651fc1867b50d3
SHA256 a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13
SHA512 d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

MD5 9e62fc923c65bfc3f40aaf6ec4fd1010
SHA1 8f76faff18bd64696683c2a7a04d16aac1ef7e61
SHA256 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7
SHA512 c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

MD5 da6cd2483ad8a21e8356e63d036df55b
SHA1 0e808a400facec559e6fbab960a7bdfaab4c6b04
SHA256 ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6
SHA512 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

MD5 31a29061e51e245f74bb26d103c666ad
SHA1 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc
SHA256 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192
SHA512 f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

MD5 03b664bd98485425c21cdf83bc358703
SHA1 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb
SHA256 fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115
SHA512 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

MD5 2158881817b9163bf0fd4724d549aed4
SHA1 c500f2e8f47a11129114ee4f19524aee8fecc502
SHA256 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7
SHA512 f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

MD5 4c81277a127e3d65fb5065f518ffe9c2
SHA1 253264b9b56e5bac0714d5be6cade09ae74c2a3a
SHA256 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
SHA512 be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

MD5 0340d1a0bbdb8f3017d2326f4e351e0a
SHA1 90d078e9f732794db5b0ffeb781a1f2ed2966139
SHA256 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544
SHA512 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

C:\Users\Admin\AppData\Local\Temp\nszD16B.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9dfa179fc28f694c945772441752064a
SHA1 9e4337965a4fe744541f5d168eebf4423e92d2d0
SHA256 8883bee5f425087a7dcdbdaba7a769ade3a69b10a567f2c6351f79b80b97cfae
SHA512 45cf193f05ccabd4d198f3b7140eaa594f2e02ec62a238f5a1de8701baa12ef41d68b7bddab6a7ff5780f03d1b738390c5d633ee2320e156134820748e4432fe

C:\Users\Admin\AppData\Local\Temp\nszD16B.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

C:\Program Files (x86)\Steam\steam.exe

MD5 ce0a74211f43c9aa7e5a1f50d14e893a
SHA1 c3419ef0a20d1afe1d000d5bf35cb640fd3b3430
SHA256 f693a45a4597490203a89534d6fa64da4e886fbdde68911783476aaf543fa796
SHA512 2a5bddd02f5a39138f27a5a68061ae16f99e29c4707279f4e78fff797613580e08347ad18f6b6bbae70b3b208eb475d7f3522663760542ad142c95b63290d3d1

C:\Program Files (x86)\Steam\package\steam_client_win32.manifest

MD5 c1b0eb2527f93eb50c9307c7992a6892
SHA1 2b208a9af9e0de3537bef137a7f2bed01c9d814b
SHA256 919e50219d0d8fcff77805d4029a77b8e71912ab05684dca287545de3835a288
SHA512 1c60d3a523d764a74ab35c5e9c4874291288c5570410f8c6e1c4ca8ed9149b001008ee0c361be4160f057bc725447aa94f9e3100ef7ebac9e29152d102190b37

C:\Program Files (x86)\Steam\logs\bootstrap_log.txt

MD5 2758a4466d89e40e51a9517c51b144d2
SHA1 8ed933418346bcfbd12709c0991f6d884db06654
SHA256 3e9878b3d3449951d5cdd09f46d59bc05d7073dccaa37321623481eb645734dd
SHA512 c6220233dcf2a0f9faa58a251a4e76ed862ae6f4e68fdf437419dc4708deb5c500ea6da7449c786071b9f33738c568cd556ad442008f36350181363be2a1fa7e

memory/4912-12802-0x00000000006F0000-0x0000000000BA2000-memory.dmp

memory/13348-12826-0x00007FFBC2860000-0x00007FFBC2861000-memory.dmp

memory/13348-12825-0x00007FFBC2B30000-0x00007FFBC2B31000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/13944-12885-0x000002AD9D960000-0x000002AD9D968000-memory.dmp

memory/14004-12884-0x000000006FC80000-0x0000000070FF9000-memory.dmp

memory/13700-12890-0x000001BCFC120000-0x000001BCFC128000-memory.dmp

memory/13348-12891-0x0000020728320000-0x0000020728675000-memory.dmp

memory/6916-12892-0x000002DD621E0000-0x000002DD62535000-memory.dmp

memory/14004-12904-0x000000006FC80000-0x0000000070FF9000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe598a83.TMP

MD5 6b3c6aee3b466685230fe93bbe401a1a
SHA1 34abb39b11e1cc99a673204bbea15b37bae34be5
SHA256 ceef59256e95ab469a0d6d4b4fe54a6b8f8ab1acb8e4da234dbe2f4ab3eb4bda
SHA512 c4b687cecba1b21312ff9b5cc73aa497b581704ffe8cb1ca57f3b6d732aede09ff9e73a9ce6c97a19552b18d56e736db286b760b4b490ff047733f74b0d53ea0

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 dda916d854f247b1c9a0b32270aae804
SHA1 98814dc01d1f97a4d75c4d2b5dd1aecfd3cb2800
SHA256 8b5e254dd7701c43762a426f954bb024cdb46a76a2bed78587072218ade0980f
SHA512 be54a1af14fdf73fdba9fe7cf91253bb8a27df2ee0942119fd768a41d047ff3da3eb199e310525a23b7efebcb42fc612b7cd21fe2a4deb36261f7d8664f3d00b

memory/14004-12922-0x000000006FC80000-0x0000000070FF9000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

MD5 7d793ec3059fa32521da168adca8c25c
SHA1 92c5e890020068f513d342963ea142a1d1c18e67
SHA256 1e87281bb0b35ab7996f1fab5dde0419b0fcbda330b39c01ae59d174827970d6
SHA512 f8404fb47809d0c953ba86b673e7f5d2e9b948778d6e05e42c19a9a79f7ae0b0813a95a80fc858a6c25b1398877459b7a58b08c30d46101348cc32f698ff0288

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe59a994.TMP

MD5 5c1e67134e5b6d0c27e4c323b7df5617
SHA1 06cc51945c2a66d36268a5fe2046731c09a5fa39
SHA256 a4af8a99758a66602f4201fd17f1a4cb86f9e066f6efb55876978e4355387eb7
SHA512 3514f90b27cc1fc928a13c6db94c149f8e473ea9570392e0659bc093324471d206e4f8a9381b622c4565877c41317bcedc7ea913bb47ecfc5877e2af2fc22c3e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe59a9e2.TMP

MD5 813c23a14774d5a1735be76f24b227a1
SHA1 c82f00d61b4f0a9545af675a014c23a4e50ff4dc
SHA256 0d67cc5f593f6740db3adaf6e098ab10cfea6ebaf21617a610dfb777e540b959
SHA512 74e4b34df8205b6dcf6d46cda6a47ca52b5563cdfde1f63f4ed9aa6c210896b550b96bbb9c49d46a2757d46d9d1c52808bda2b9a37ca5fad96c44294a420979f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\ca921aa5-e1e8-43a1-8437-3556f73bf515.tmp

MD5 78d4b9d111498894596c98d59f7133eb
SHA1 fa09c6c97fc214272918c056f5c18c630c5cb990
SHA256 832dc53a6df5fb464fc0afdc3efca25e267518d1a3374f1c610e4d3a8fac81f9
SHA512 b1572927ec5d7dd93b2dcdae90245d9732b883c1c5f0c893f1e6ba5639873aaaaffa7d8f4e103dd40066ca326660f3e8300dcf9e1a68c92a651093fe7f1642d2

memory/14004-12945-0x000000006FC80000-0x0000000070FF9000-memory.dmp

memory/14004-12950-0x000000006FC80000-0x0000000070FF9000-memory.dmp

memory/14004-12955-0x000000006FC80000-0x0000000070FF9000-memory.dmp

C:\Program Files (x86)\Steam\config\config.vdf

MD5 701bed905dc41666b8d0d3211d30ee30
SHA1 13cc39cf7fce2eabc3f233b61a69fa0fdf7b00f0
SHA256 4cf6145668a2a404b69bb102c54c4e7eec3a08f36ad08b284e1d73f29f7c97e0
SHA512 8bb7ba8588b99e6d61de68f5960d078df38dcb6370837ab1ac571f6c7344eda8314ef2d1290174a51498323a85c3f3b01b24ad69cadaf6871c20f7b0b1898f77

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 fcd2724efe11cff644a3534c6ead8644
SHA1 939d1b2da6d9e99ca1fddb380b81590ff4b0becb
SHA256 37688fed4574c67cba5642a0b7c6882c082b73a36526e8da109437a418d6ad16
SHA512 9f1e749dcfb756df7722ff3801d31a59bdc3aa9fee659a42a22a301378c683ee388933d99ffee8ec8f776f8ecad412946d72f69580bd696e5ec568f224800a95

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 cf053f66375696e6cefa17360519c5f6
SHA1 01950962a27da5ef11e5960dc29062c30de66bc5
SHA256 4d88a92288bf10b776c850b495fb8ec91370337be150d0df356385c21dd7b4df
SHA512 e351865004ce88fe4d87418013394285196e2dfef923d07f38c8e816ef3369d8b10a5a320da3670a51c19fc854f1ad52099c072ee7ce5f65e078a45cc956210a

C:\Program Files (x86)\Steam\userdata\974131058\7\remote\sharedconfig.vdf

MD5 32524dee5455b73654f5de815b60bf4d
SHA1 161d54888e020dc3b9a8498c2fec89cc1f114b67
SHA256 dc78c9321e6381ab5e4c93b4f8b020a676197a669df1f394cfe37d4d7cb5b57c
SHA512 9860e94314cda2ab131ed2b4d066df1750a86a6ecafb3ce3142866aeb4460b82f70273d0bce3a68701c7d1d56fe019069fcce2f59684001b8b15c5cdf81d746f

memory/14004-13007-0x000000006FC80000-0x0000000070FF9000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 1c93e4b7bf94ee95972303a8ddd19e31
SHA1 4e5a98fbcaeef9b7fc56b77f55c5688851cdc0b4
SHA256 f2de3f1509592e91e35711a3cd63709be8e062775029340a5a3e06124421cc76
SHA512 783c7ec3774e55e389d7dac7cc00b6c3eb4e8ae4f36ea819030a45a1cb72b66b2bd3f9bfe01f44b1239bb52299ffdae8d11e349c1da079da0892559c6edef705

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 21fab4c266ecb42414d0ce28dd0f7219
SHA1 5f6f6e194d019be6db96845439dd477e135f3bec
SHA256 23131ffb9f148112cc448c625263525373ec2051e5dbcaf9d1a1f12b994395a5
SHA512 e9ef1ffd15e7ecaed4f0fd79ec47b5d853b6b45422fada6b01040715c90a9b5cfacc2b391ab041c4e3ec86cbaad44c8e7ad370fc6ed0b02564b91e8ba1367b46

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 315a7bb6dd7bd68e45365ef3ef4e1036
SHA1 892cbca711607aab94c36dc2b6e9601b2086cd01
SHA256 17dd8d4b83af03d62eb5c30c526322e0c386eb0dfa085c8ace5ec3be2e0bf62e
SHA512 0b86294815eb4f433a02f3d25a50b1e6017a670420e3585d593de3d2c2ccf70cf44afac080b501a4f1cc9e38d5a7c1ef0e17a1c1839647892420238be64306e4

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5a4538.TMP

MD5 7062b5d5fc7e66cf0ddefacfe275d45f
SHA1 4b77c873a2cc5a5d6d3281faaa22fa08bd70371c
SHA256 9fde417c60bae05b3dffbe201f47a106353d0cc8a4e34d0eb31d39e9df4ddba7
SHA512 9cda86fefca37c560cb4f7409a6bc14142e15635352558560806f8bdeb49703422f6217ef93e5a834eff7b6f1cfa2d19fc390636828bfafa003e65efbd4c03bd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 6a14c20780e53acf9a5521453dba572c
SHA1 2a648c9c8760c7d576f0d9c2c19f52e4abf3507f
SHA256 62b1bc55b3e746b663fc93843dc00fff9cfd5d46c47c6e49d8c9065cab8ca6e2
SHA512 16dfee776f0aebfec1f8d6e9240b200acdf52f8e7f698c1b1da66a739e870762cb85ce44f68d93f2ea079fcb6ade25541a996fd2d41a9f1036724bc9d8016fcd

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

MD5 01764467db166e845c085e795701731f
SHA1 478aaa4b4e329af3b8f04536819b3bbc2466abef
SHA256 99babe73d9cfb196d47de4a24239257366eec3e93b218e28b9465c6cc6fe19f8
SHA512 06ed45105c3a76519b58c20e7998ebaa442575805f0f8a4e25606cbd76679781d4435ce268d4c6277d3dfe4ea618ea87afec72b1c022d48ae48513f555f106d7

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

MD5 009ca439b8e68dbdb83850d51b07c736
SHA1 b8dd1986d15aef3dcba09c954577c780b549c582
SHA256 4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43
SHA512 25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

MD5 61d18907a85f6f263431e335d6ef5504
SHA1 24b135bf8a2e8fed724e0738f823051f87769f54
SHA256 a99f8dae7d1acac74fb32d07cfe0915f38f5bb3bae8b6d8161c3a515c6484070
SHA512 76e327b6cc6e70a8bc3b95e9bfb649eac89616592a8e9f473b574a0584853769f2ad99595de5e9fa85a324d03a5c0f00450a32efc84c5eca0fddff1f079b5ef2

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

MD5 2bd50b0dacbad05eac22b6c6b6b6e407
SHA1 a12677089868c402764e849f7918d8f9459de833
SHA256 a89799daf30a80d4b1096592818707c242feedfe8328ae3fc93039372261146d
SHA512 1f069f71be00279f4aa68f26356c0ff43604265966909f9b845c252fbbb1b19bc2eb785667862fbb07d04e20f13adab9724284d6d3ac32c8587d67d8eccb83ec

C:\Program Files (x86)\Steam\userdata\974131058\config\localconfig.vdf.async14004.tmp

MD5 20fc4f7743483056c56f6ffba6e1b572
SHA1 922e3148804fdc2f885dbea6cbbcd8b1cf3d89ae
SHA256 edfd439bf9eb6757105f8cada2443fd964fee0d17339784ceed5a8a66da6633a
SHA512 a4b1494269bb3ad75fc6260f797694740c15bcfff89c75b7ce2656183fef3dae0989f1823e57a034bb7ebe89e9ac13de0fe19b9128208282e3fc5d008a6fc95e

C:\Program Files (x86)\Steam\appcache\librarycache\1887720_icon.jpg

MD5 7ecdaf8a54ec52b20640a88527512903
SHA1 3133a4d748ad3be61fe9db759339cd5de73339b5
SHA256 7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c
SHA512 60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnCache\data_1

MD5 c7f4cfec278cf34816d92daa122b5be6
SHA1 4308f2caf1284baf5a84f903a9ac6df568b34255
SHA256 0da425b7c3f13b6289f4f3360705cf679bec61b3c81a43ab4a9c446f84f7811e
SHA512 87564a4c9c28ccd9ce51715f576665412c4ac53df2f6917b4c6e8058ad3c6c0023318bce7ec63a44f0081037111baaf1d4152a9007bf81bd54d6454d32a07fca

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Program Files (x86)\Steam\dumps\reports\59d4412f-3424-443b-99ae-2b2b808b7dd2.dmp

MD5 e5a34476f5d58890e2ce9c1231d4a46c
SHA1 365d58197f921ee50cd7fa56cbbbe48e4d5dba45
SHA256 1e5b8890003ff6aa8bd35c5bb29a5d5720e34dd4a7b00395748ec77bdd2824be
SHA512 7fe2b390649ed1475c7d5f0668e7a3779bd09e40de4cb0e0295810f133d83fc38e0807b9d84d03c2f6692b5de6fba367bbc6ba9bd2b96245fafe061024ed4366

C:\Program Files (x86)\Steam\dumps\reports\0522f1a5-324f-4158-bb66-3863bad73d27.dmp

MD5 b0f202f7a255935b696ee6d9f1e1a303
SHA1 c1d9f44151c36a6e272504701c71b52310f5ee2a
SHA256 6099317c10f033bcfd1ac48f450ac7b5b90544605047848745e975593dcc75ed
SHA512 81cc6baca4b589ab4d0ecfda13193d0c702efcf7b652831f53d0712c0759089845eb5411feeb692a873317d5b81507c5ededb18f5370f93e6988480ba4bc8ae7

C:\Program Files (x86)\Steam\dumps\settings.dat

MD5 48c06328fde84a152457edf215f252aa
SHA1 8dbd3cbdda027518026dd171c8a7ac0ec3f6f595
SHA256 ac4ce9cc1384687ecfeb10ce1ef237ca79fa295e4873b95bbf94ea35e1f06363
SHA512 fe4a93d7c08280a7790137fc81596e41c6bac88f51583bbae04a6d71ae18bb22b1cceefba471a4fb99835b53d34a6c68646fc81ffb5e904e80ded0abcc2dbcb3

memory/13904-13354-0x00000291BBD10000-0x00000291BBD18000-memory.dmp

C:\Program Files (x86)\Steam\dumps\reports\26af9a6b-73cf-4a90-92e0-45700feaec47.dmp

MD5 1cd9ee29ae5f0e87731c8edda5906045
SHA1 8fb4322e348a58d589a212d75f983661c38dab17
SHA256 2ba4a7b885b8e3a6c7f389a859b27545ad89e6de5c2c8d20937d5055e8d72733
SHA512 b84d144339b0e2b95f13fb7cac009db763c973faedee2a2a7de031980a1ffb682a56fbb7666711faaf7781a108adbfa992085ce022f91589880143c0f74e74a5

C:\Program Files (x86)\Steam\dumps\metadata

MD5 a15a9b91b2bee3392ec77921bcd927ad
SHA1 8ccd526034a98199f0ae7f186def38d001fd19a5
SHA256 f343507a6a6afa77d5a3b16cb6f84a371889bdd00ecd5ae6bf71fb4596d593cc
SHA512 b412167197e344c3a5fc7a23442a72f6a0fe784b4217136fc632e88035927dd02548de760817dea1c20507e40a5ce591c88829f0c513d4418901b6155c841050

memory/8688-13372-0x00000219FB5F0000-0x00000219FB945000-memory.dmp

memory/7888-13432-0x000001A540A40000-0x000001A540D95000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 ecde1fa1797eb9775191b047ffa254c2
SHA1 40fc84ce220336eac221fc669a67c2b45ccb4d84
SHA256 e9e53fc29597e2c1ce54f5d1d917962e49d1724bd27fde3c3961a0364244ecff
SHA512 639912a6e517224a94d8b80809fc75f49b3c3ceca57c229e80c3719381d145d296c56c390c2882ab7ba4be478ad71b0c91e1c12b996e10a45e79c6b211cb4123

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5a593d.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/2360-13452-0x0000016E88A70000-0x0000016E88DC5000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 bec35aff95ff0fa07398ca157a96bedb
SHA1 1215379ab00b5d346554fabf7c7158874209a76a
SHA256 1fee76b110e11ddda81368d3d5fe65fbefa555aaf4012ac1d71b161ff23d6adf
SHA512 f4069c9de369f837899673774d34c16f07f7d2e34f7b2df2b4591e271c5388fec69f2776f38bfba52f9f3db12bd4d92f80eb927690208be53201786bfcf1512d

C:\Users\Admin\AppData\Local\Steam\cefdata\Dictionaries\en-US-10-1.bdic

MD5 4604e676a0a7d18770853919e24ec465
SHA1 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f
SHA256 a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100
SHA512 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

memory/13700-13511-0x000001BCFC120000-0x000001BCFC128000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 b45dc22ac721611de0b58e0d1e68833e
SHA1 193b55d78e859f90b1b6a24a72bf2d2102297381
SHA256 59c436086da66e270dd3fc5edffddb9cba190a8f5971f02e3a92d4a76623fc2d
SHA512 36cdb040735692b2ec497310e2b7b6de8ad8016340d6c454ab7455f62ff47124c97c4fa47debf5345be75f6aa96e02232d47c7e773ce135eca771a91396eb347

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 e19032d5a224ef85d85ad21c6ff5fd86
SHA1 82f3a942304b5aa3732817fabd1eb72739af03d3
SHA256 89f8106249beda98a8ad638542e642bef0f0cc459774532eca836cbe17657925
SHA512 99a3dc74071f219922e9275c795f9eec518eca1349e189797122d0be5ca2705f9200c83d1da54668368949057bd48d2ff39b75f9aed6d78fb013a1e7bce3c41d

memory/13944-13526-0x000002AD9D960000-0x000002AD9D968000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 29db43442b02598fd3cb8be6f9db17dc
SHA1 118f86fc9e810832403f9990467cd8083d830631
SHA256 758ad939a3fe8f8638f7b6c678f5160e6e39dfcc5f9c514b43cbddc28b510150
SHA512 9f5f4f66b97fad6637f8131de925f495948ad4d8dc11c9fb1995780d0785f409d322805f19d74e51bf179e1b05748489c24bb7b7dde42c67c33df3ef5e48f072

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 4de3dfe13f52e55d01ae9f93471c14ad
SHA1 a85d85056514a003e4eb730a449bc6d78c4ad558
SHA256 c5e1823300b10ebc5afc0897f4adaaea65a4703f6c7dcd258e03c4d5b5282862
SHA512 98b4d9b9fc5be5340fb4efb0f76ae124b8b03b0c326d1d0b5937f4ba4e37d2532c7ac48495b9939f19fa384ec5cef4ba9fce704f0c6bfa8b99d93659bc2234a5

C:\Program Files (x86)\Steam\dumps\reports\64131498-1a65-4d4a-9a56-db3c1e33e417.dmp

MD5 4c8141e1e85c3e3d8d78ee15b99a1bd6
SHA1 2158067f0e85b1cc4fca473911f699cdd6507eb9
SHA256 6f5794e44cd00bf1be3db4b572576aae53e0ea07706ca18ada7ab1cb96700187
SHA512 467ccd3c7a65ee96d115781414277cd23852d97feec1584be3d24576925464df7bddd08b3f9f1dd3bbe8f512d9638b549f79695dfd580491a1033efbe2cf857d

memory/14004-13639-0x000000006FC80000-0x0000000070FF9000-memory.dmp

C:\Program Files (x86)\Steam\dumps\reports\4d1272bc-cfa3-4362-90f9-2ff504e43bd9.dmp

MD5 a328a8687e7b09ec36a6675340b99c7c
SHA1 fd4f7556a755208d167398d7a4ef699b9a3066e1
SHA256 0ce8cf10fe34190b80b14b8945964f5ba1a7a687f30fbcf8947cf6ba468ce4d5
SHA512 bc67d85b9c757294d69da64a941562021d6a9f34da14b4333881c289cd73ae661220ff53826a3fff0ba729410e13ea3f62a5831cee8988f648dad9066e147c2b

C:\Program Files (x86)\Steam\dumps\settings.dat

MD5 ffc3d9bfd8d538e74ea58d5e94f84f24
SHA1 4153cdff29604dd58cc8571c3cb9db422aace033
SHA256 d8730b79eb000775da9bb980aa5163cab5772dccd9e364a384b9edd00345680b
SHA512 27ef1972267391e6997d7c88f20eedf3cd9aa56307d7d55bae36be494ea0caa9c120932f2c4dc0ce43b9693781574ad5dbcdaaeecb0181812b068ba7b86939f7

C:\Program Files (x86)\Steam\dumps\metadata

MD5 2ea7f63ed582a6a4aecce971366876f0
SHA1 feeed272d5bbc37d2c2aac07977c4425dd17cebc
SHA256 e51fa67dd642bf7edba01880346fa6c71850c6c12f7630277b3818c008585ebf
SHA512 69826d52c5a49d7399f085a6cfad6fbf6ca10085e6a03e76d14dcf018e27d4222022238a6901b8d00228ed4feb476a6dab15b4d0e2cee75e15def6c4676d6517

C:\Program Files (x86)\Steam\dumps\settings.dat

MD5 7f8aee14be484efa0b595ef06181c3d4
SHA1 904842d53bf33897de4cdef06b5d929b910de39e
SHA256 911d6e63581123507f55745aacfd615ec5621f05a15053948528c756cf8593d7
SHA512 68078db111ea1f88178dd486d8ea8b83c38b23fbac754059013583edbb4fb3413e8fe2a7be060da2036d579b496fed4055dead4135279f1cf08cdded0129c4d0

C:\Program Files (x86)\Steam\dumps\reports\4df2ba2a-93df-4ef6-ab42-10c49b98fb1c.dmp

MD5 1756a2f0147d339ee5617dc24296ad2e
SHA1 834f683d262c188a6a0fc6e02f099a6ce13bce68
SHA256 2d811b4eee975cfc8fb98183212b35d0806fc6d7884d780892de89ed52ae53e1
SHA512 5e520938eb9a5a64acdf25e72e15d27900b66a0815038dc386fce17b74312d17425f90351cf6a8a2b94ffbe61b621d3bb2e736c0dcc86313bb47cf307787b8c8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 fbe0a1967dbbd92da6c6fa71b471973c
SHA1 a954174041b41270a19f2277027facadfb00ba15
SHA256 099e52cff9030c81cb6f09c85282e0cccb7a5e60e941a252de25dc25d15ffc96
SHA512 6b0d6d3c8e5da28ed2a763da0408fa8aab68a69a0a7757bae6c117329d81dce0416b749dee5bd5f1b5a1d3968a570a749958ad434ed6a116add1a43ce01211c8

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

MD5 02c4cc6d759709eba3f82adc2fac19dd
SHA1 769074f793e9913f2921582368b86f0b32269d89
SHA256 1109318670f3f0ed4881ef4d85ec2fbb9fec253df4e67259064af2dec0b97e1e
SHA512 cc73116fcf0f6671458a0cf46577f6c6acfdb53ab01db09fccc04df6196d78551e4b03593cfd034ad0950d0abc587173e74bb734ae62f9dac726eaf959b8e919

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 4960fff8313ef8b410a8a1d58d42d060
SHA1 700bfa9bb5863f031533adaa2fa945a0f24f5909
SHA256 739147b9a1d8a571e941186897dcbebca1f2b8449c5777b7c07c276d9e771a69
SHA512 0980be50b149fa7b990da1999761c32a800967319475ca35ab9a8a5fbec64122e5f38121c705fdb93f095ca7991d3b099da2d94e5ed1f88eec7aae30d6a490fe

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

MD5 029f7cc33ae75fc214f920e50ec8e1ed
SHA1 a9944bb45acaa6ff7481e33d1dae8720e660a0dc
SHA256 7afcb7387ce3e780abf62bbe0fb5746a01f4778d2f05ead46cf1b0380ce7d445
SHA512 e98ca79dc7fe5f16542f5e7d191b87e1081941dc94b39336eb36b5451d8573fb7dd243412af1eb3722c2a7b9147129b9ba2c1487449c27b78f3ce4895eb5c622

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

MD5 6f882cfc18469731fd8ebeca69365f7f
SHA1 78ad386807dbc130b1fbe5e1a97389e1e0e2981a
SHA256 b81ddb468e5604f1b5ddce3c1e15e0298432841752cd6be0c497b05fae7cc346
SHA512 75855a2b09abfab3476fc16b18d996e4a705980a1dc2c4f84688c9b8c7b4c1a6ed0a4dd7f6c57eb28838ba1999012a96253a1288f9445056bb2f7386b2315128

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

MD5 5e756b82b50dec219e8269a4c52929fd
SHA1 c062976413e16d96cdf768fec38b3d6429da3c7a
SHA256 cc436e1a7c6e1b8bce148cac1cd1fc4f0bce0719777ad5e89296d61380630797
SHA512 2bcbc62ccccc4f8fd7143077ed1b6ab3a0891125c6bf99784c1faf7f91ed1d4ba86d480b8a7ae6e24bb82ddeccac6f689860698b5cf1bd42d0bbf24869d88d7f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b

MD5 e94d10c66485a94778cb75674f55fe56
SHA1 dcf9b62a7f2b8570a2a7f046c74683c7f91d48c4
SHA256 e4381ebfdafb31c96a5673e6cfce86d1a4adf02c673b763d1b406efb63281dc4
SHA512 adce80b3bcda7b3eca47aec2030da43df89ccb9e2243352cde6948dfbe865ee44a8c28cc72d14b7510fdf6d5150a29894b2e09720af9c2847f78432404d62484

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00001c

MD5 57613e143ff3dae10f282e84a066de28
SHA1 88756cc8c6db645b5f20aa17b14feefb4411c25f
SHA256 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA512 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00001e

MD5 2d64caa5ecbf5e42cbb766ca4d85e90e
SHA1 147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256 045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512 c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000d

MD5 e6e15f63a20a10ba6a821621af2e5da4
SHA1 24c54049f5e069516a99cf59accedd0852bc4731
SHA256 c0258f150582f1e7fef221f62a58053ab3dd01d8b9bc76f2e0a7480fc9155cbc
SHA512 5c28cb5e9119663f5375ddd2c5f6550bc4abeec36d85c0c6c8abceca57eabe4fe0674cef18791bdc23eee26d3ca857dfc93f1ae237c4cec634f9d98e3771ada5

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e

MD5 1a298f0b8f255a50104b69b62ffe77fb
SHA1 6f3fdb1ffd47a5c614b86e85c1422cd30b737d13
SHA256 2e7658fc43d9bc1002bc9413c6436b9d22bc9fcd4871c41e09ac39ec99bfe068
SHA512 a7ad12e72d110514d0950cb70ef74b855a92d636d2d1df7f7fe580e6c0aa3f535b8df7dfb4cd8943cd5df7c1714ab4d0beac202d6736563797bbc8e890ef6c3b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000c

MD5 733b6d1e2c1e70404bbc61e29ab8e04e
SHA1 9c69d4649bea75a9428c1c59bf4f3cc28414e76b
SHA256 5131d2bfe9513a26c1fead6fb2d67ffe56d1be637bd712865e11ba71757f8624
SHA512 7bc7905cd4c68e36539a411a945e1f0f58e6ad61886389316064342e28685bd95f57e2951812c123330954d7d772ffd3827a7bc7fd439445a8a49e5135c9b835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 109b030c345e2764be6993fb367e3dd7
SHA1 574c44bb275024ddf3f1f661989323f5a7360281
SHA256 5e00bac1a08a67d6dd80196bf2559344bbb36547b8b7dcfeea81fa6eb856d00f
SHA512 803593576e6877144840c297dbd7cde993b85cef7dce69ff75bef1452b0f032be0e02d6b22a4fded65873fb518af31a5f16e240048dbe9389001d0750a8f1697

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 61668e338a62890107c6b903e32c310b
SHA1 bc90795ad693ee0aebc5888e1929189052cccf88
SHA256 672d0f4c7aa01b61a2df3d379ce7e6a1b0374ba074d8282d8d8c1ac69b80eb13
SHA512 a1fdb0c529a381ed9080cd73fbcc9799666c4599a9bec8fcf155686c1ff9dc43553eb6e6763f2f8a002e7abcf51430f5cfd125df21f8bfb4d32764c8391c5fe6

C:\Program Files (x86)\Steam\userdata\974131058\config\librarycache\980610.json

MD5 ba84fdea5021692195e7a688554b97ce
SHA1 5a371b094d35f0d4eecc2d7ef3e18ce4ccf2136c
SHA256 28ff642433958fea5e333b0c967ac02f4e6d0f19f05f366456806ccffc61e1c4
SHA512 85637f0548481e7a0b93344e4a8e29958e4f5365f47cc58274c2eb9e926853cd1ec876ac0eb95a7c6208835546095ef0ae0306b7a0b42501dd13b34584e4f905

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 0db0f20b9214e425823272b333b61a24
SHA1 12caef3826ac20a09aeae46e7337f768c6a8c399
SHA256 229a1de05a5cecd90d8dfb430bf5c8382f5fdfaf027fb0d75bdb67d6303c0b40
SHA512 9ae5ad21e050eefd82d3984ca92e955f7f73dfad37e195669eea73c2107c724d6ff8d2ddc89521bfdae75ea89f2ce6ffd8a85ec7f90c8b50c8fe3378c1501c98

C:\Users\Admin\Desktop\Quaver.url

MD5 ecb28f68d58d9c76ff62a7358de238ae
SHA1 afe7c5593255b2cce12951c1b73c33933bf05a0f
SHA256 c351c0814de2db9ba43b084efcf988926ac67a1855e4b19719b5c7369c9a76b6
SHA512 f5aabe98cea976efc4f9156600cdb83b04e592460fa7b68fb1f2a8b79478bb30a7dd1e5921fcccc6aa4832e41db6837759b77e03937ade6660c2aa434a4b9303

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 111fe5fd539155440c215d6efc31c13f
SHA1 f5e38428a73c4bd70daf6dd043ba513debc93f56
SHA256 cc7beb44ad2f4b752392d3885f0566b81d24ac5db376b8a8190594e9ad04322d
SHA512 926bb4058eef9a4a82955df58cf907da982f927fe615c69905bcd0ab352ab31a9a728c075819a33e2e67b9f535ba424312c6a258f48c115a38c3359655bee0dc

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 299d07858ff21c5037c97f76706fd605
SHA1 d677f54e7878a2570575973e7dc1168827ffff3b
SHA256 ff795f5714fa6ca5340738e5db7b9b84f6d145f95411df3afd1f7c00b723e2a5
SHA512 f1965d8c4ed875b0b08e6bb60e52e0d0c169864f823e4ee86f06ca64e514010910ad782c5c9e644ef65bd6577b14108e76ec0f42e291e3d37a9ce7093476af72

C:\Program Files (x86)\Steam\userdata\974131058\7\remote\sharedconfig.vdf

MD5 3820d591fba65dc3612ef1186e019b2e
SHA1 0e6edf43e043a9b77e418f600ef9845ae2aeec2e
SHA256 19de421c349efc580eef7837b2d237835613e6ccf5e6484390135ed5f49e923b
SHA512 1221efebc0cefe5d3e46751168c00b66ed5a3508a0a3fec91c610504dfe9dc49fcdf01646a59d85d861d90d65c311d063bf922a1e7e260f49cb6261d4831598d

C:\Program Files (x86)\Steam\steamapps\downloading\228980\_CommonRedist\vcredist\2017\Microsoft Visual C++ 2017 x64.cmd

MD5 3cde15371c494433085dc96fbb0063ed
SHA1 0f6b62993850a8595ceb5cd7afde99af594b67d7
SHA256 d415588298e6809ca71c29b7ccfc2816917ae890b0c75aa0d9c4358bf47600ad
SHA512 72a218a1b82a6e4437458fea47a1c3583a322b538b4554505db3845210e4c9397e5b3def420a65e11dd2b83eef7e28e14a77827a745bee9ba9671f2b495d0f51

C:\Program Files (x86)\Steam\steamapps\downloading\228980\_CommonRedist\vcredist\2017\Microsoft Visual C++ 2017 x86.cmd

MD5 8ba10e6aae12696b0efba1fd05346337
SHA1 e0231580fac5c64f1ae3eccc13aa5f9a24331f8c
SHA256 5aa0c1ca1739ab5b8e85a0ca63c8a1ef024ee96ada2715b926f5791f2082755b
SHA512 41229a129ae5cdc38af70c44e3cb1f8c89bd98c7316ba4828086fd756f669f0278cfd3b7f7fe145a36a53b24152a018efb83436a5cca24c02ec4d6bc0bb50f50

C:\Program Files (x86)\Steam\steamapps\downloading\980610\mscordaccore.dll

MD5 3143ffcfcc9818e0cd47cb9a980d2169
SHA1 72f1932fda377d3d71cb10f314fd946fab2ea77a
SHA256 b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7
SHA512 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\installscript.vdf

MD5 e0a76beb3ccb3d21c845063a1a81f8c4
SHA1 428eb49a3d20509af4b642f739ceb76695b3c596
SHA256 ba90dc3f1b2928c102675a54c89022c7e84497243532945145e784ee3a043942
SHA512 17908b7aa6b5169188e58ad251f042c577b402a486878d67ac649177ecf39a5578e664d79b05b066168de3358b4e7fc4507ee14f0695bbc15a8bb1863b92edaa

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\installscript.vdf

MD5 694f8b0b8b20547d4af535951021e82a
SHA1 398db427a34a04738b8215202cb6ad24f54336e3
SHA256 331dcc846361ec44f1c7d1c0c080a5e7abddfcae454e5c1a3d779a89adb13446
SHA512 a43366eddfbcbfbffefd34cc7eec4f1d4a17bd441f45574275bc26154cef7023eec0c47f09847674c9cbbd1354bf7920f0635bd8936e55ae2da1ca928597a05a

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\installscript.vdf

MD5 57edb86ff4b1f3beefe3e6de2f35a880
SHA1 de5139ccf249a26cd60b801ab4746747422262d9
SHA256 a064bf92b8e699a40ef2dd35077cc766f2b0cc41a0ebc24bd4856a1c7d98e8ab
SHA512 416f573453cac3dbca2f13b965621d8b02a6fb297f5a7bc18a95197ed0224b4804c78af38aa722e0c4e351b32fff5cc30457b7f22871bf44933806683e00e20a

C:\Program Files (x86)\Steam\steamapps\common\Quaver\System.Private.Xml.dll

MD5 f6ddf16c51b5f08b437cda25a76763f1
SHA1 3a09521a65f1165897cfd2c47ab314654aa3bf70
SHA256 699f56b15b411faa139683cee0f8cc2097f5c806769495f30f5a7657b6efb814
SHA512 3476cce8478293db395f2a7f6dd1a568312b15970e1843411ce32c6b3454ba8adb00186fba55e8eb614d1abaae98385753fd08af99c69365783f8d2ba2dee8b5

C:\Program Files (x86)\Steam\steamapps\common\Quaver\Quaver.exe

MD5 6573252057e0999b7cdae65f38cea8cc
SHA1 d3c8e7253a14c4d01b886efe256209749f929c4a
SHA256 a95c10bd75d97b7f3ff11c8cdeef1000415b4385409b5a7c1229bc69715bfcbe
SHA512 29212d842ab4097f170f2d5ba7acc3d93d8b6f27a459d327b260c85567b4dc80ecb7d488162396b159625640b19b5c2801fde1481c2f37595f6de51497554a83

C:\Program Files (x86)\Steam\userdata\974131058\config\librarycache\228980.json

MD5 5216ef382c2d09e344ae46f2c073acab
SHA1 91040770b2b51d00e6b7c32a37315eef249a55bd
SHA256 2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617
SHA512 0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a

C:\Program Files (x86)\Steam\steamapps\workshop\downloads\980610\2163546266\4k\HitObjects\note-hitobject-3.png

MD5 9316f027684545d18a82b0b862c3e592
SHA1 e4160afe119959f5dcb26de7f5367e703808ba97
SHA256 75d26e60e509131daa9592c73151bf1d501982236acf6b3398bba38ef83178f5
SHA512 81149b13aa25671178c61bf038ca60a406d4ec3b04e4ad89d6958dcf5825b7d0431dbb13b4eeac72fb630c838fc22b4584e7712bf5df48031a6ce7ba9935bf6d

C:\Program Files (x86)\Steam\steamapps\workshop\downloads\980610\2163546266\7k\HitObjects\note-holdbody-1.png

MD5 9123dbef21f41782e39187c0abe85f11
SHA1 b311c372c98314c22ac8adc8cd46ba814101bc12
SHA256 612dd61b2201617214fccfffd7e2428e99e88651af36b6c1ed10587e0729d6d8
SHA512 9355b18473b77254a3662c394acfabc21d44e9567632c393c0a385e1fd0b75cb75acaa152c4caf6ddb89e7bd36045e7f43de089d01d56b56768e233c8c6588a4

C:\Program Files (x86)\Steam\steamapps\workshop\downloads\980610\2163546266\7k\HitObjects\note-holdhitobject-3.png

MD5 548981dde3e04c519d176a9ad05dfd52
SHA1 f7aaa31270b990937d6794f2ca6c6d3b636c26a9
SHA256 bc8aaecfb76c4aff86755699bfea7cc708a61a1d18e3f83410345294b8a8bad7
SHA512 7d3377b35f7e8ce535721ba81c314a00bcb3db116f59582589d965004991a377dcb0cd8e1281e5115d694cfe575fc46bc3f5eb7f874a7288c519e0316426e64b

C:\Program Files (x86)\Steam\steamapps\workshop\downloads\980610\2163546266\4k\HitObjects\note-holdend-1.png

MD5 7ab6b396986c9ba907d1d8231750944c
SHA1 2d1d7e5fe3b70798fdffee91be933abfe3969e90
SHA256 c1964ebf5fed9fa8e27415363a62549ae14e4ba2009c793856484b7b9425f84f
SHA512 4bb544e171aaf0bc684bf83e058f39a6d869ed0d8fe05618753469cb852bd615fca2b49f3a99990c4d94bbfb36b852f9dc923fcbe2f81fce8859b4fb347b1b81

C:\Program Files (x86)\Steam\steamapps\workshop\downloads\980610\2163546266\7k\Receptors\receptor-down-3.png

MD5 f16d03b79b3cddd5a285f2f1f9303fb4
SHA1 a733dcd8310e9e8d2319a0d4a667e62d99cac0f9
SHA256 881426f8424f37c89e807f8714a190e8c30aa6b95eb29c952ced9d5a9095e1c6
SHA512 a257e8bb361c86ca25a99018ccd6849cfb5b68a53700027201c499fa89b358fd9ba5a0dae91a89e052ac8c5461cc11668dd96d7b8914ef30d912356493d39515

C:\Program Files (x86)\Steam\steamapps\workshop\downloads\980610\2163546266\4k\Receptors\receptor-up-3.png

MD5 191b97fe1d475d34187b2d82bb40624e
SHA1 5127bf61bea4d6eb877e056de34e90d3c902829d
SHA256 b63bf4b62217c3bdf51b0fd06f2370b835be5457c374b8bc6447e2a16eeadba6
SHA512 b239a75968efcd14f19b06159cdc6e82c268d7c6be0194a06893b874ca8f9d370f462cb3f5f13f1e7f129f377619b6f8d7b3bfa2c99b5d67acb95a9a471c1bc9

C:\Program Files (x86)\Steam\steamapps\workshop\downloads\980610\2163546266\Judgements\[email protected]

MD5 e6ed9b970692ae97f55d99bb6a4a7874
SHA1 7dcd9be265371bbe05c57410338938703cda41a8
SHA256 215b3ed85993c87f9723a8cb9a2fefb3ff1f9925e34d091e1ee15179642b7c23
SHA512 2bdc081896a26abe9421944ea76b9d95df3df704cf192af3588ce13e13931366dabd08ba1827065c4c3e5a2d4d05672595d883e73ec0116a6f7b36f776611444

C:\Program Files (x86)\Steam\steamapps\workshop\content\980610\2163546266\4k\Receptors\receptor-down-2.png

MD5 81cb86df2f4ff0289b489793eb7620ed
SHA1 cf7e79e797ebaf72309267c8845d43c08fc4d78d
SHA256 26efd2ab3417e2886b883c91942a8b1d4930aa9ffd6b6637ee191ac69f3aa283
SHA512 abc2aef0ff21fe4bde2c7ef65569a9e8a12c716cec9022a15d177225b8c8f447b5accf34596731619147f398b8e71312ddd0044557831eff3e62b720b919dab6

C:\Program Files (x86)\Steam\steamapps\workshop\content\980610\2163546266\4k\Lighting\[email protected]

MD5 7f4d9bbe842f040aa3740e4b68c337c1
SHA1 bf94e0e5bb03b58de5599c7f75ea85aa5a7de642
SHA256 1bb3dd20059ba8e34537a5c3e459749316f17a5c267182241d88b00fc5b29272
SHA512 df6089018018ab36ba9e00a7689cf6a33eb71f195fc95294bf569425dc9c575fb0531ea2edd8418a7c48f92349532579ea3dc5ecd3e69c06d4b7cd8682b3f8bd

C:\Program Files (x86)\Steam\steamapps\workshop\content\980610\2163546266\4k\HitObjects\note-holdend-2.png

MD5 53bf8fbabc686df474bbba05e882c12e
SHA1 43744cd0c05f5c96c99631d56bc7b4ee0a14ffb2
SHA256 39b1c3aea3e0f9ce3e0a268c54b82098e947ec062fe4031979a4fdb720d7b929
SHA512 5065b8f2fe67123625591bbfd6e09d90a2402b8b2fe025bd4cb8a6ea2f3c0394bd15b4c72559bb858b91821dba95faf0dd28d397f7841dd63b011a35f5fd5945

C:\Program Files (x86)\Steam\steamapps\workshop\content\980610\2163546266\4k\HitObjects\note-holdbody-2.png

MD5 a9ce343b9e09dcfc3fbc0e15a4df6180
SHA1 24627ccaf00abf162917e799b0942af568241902
SHA256 795564db0b21b02ec824a55f1485304560819a08663816d7e65b7e9287fcfbb5
SHA512 a3c26ffe0e6cec0bfa05f8217b7aa3380347d60413460fdbeed38aa95fe824df8596578074e27db051a06089beed1d862b977774c431c0f89906d02e1a6d4744

C:\Program Files (x86)\Steam\steamapps\appmanifest_228980.acf.126265156.tmp

MD5 e39aa2bd8902ddf7748a9782cba3e65a
SHA1 e13d4f357de02ee95104ce4d5f0164bf7a4bde65
SHA256 8ce57ff3e92a1999bf503d2ab3ecb0a75e8b8b500d6c1eeb0953e8b23891f0f4
SHA512 00fa949280e325d65f99b2267bc45771f5f782ca4eed4da770b815ea1d275e991c7633ccda83705899f38343420060b909ff2d92f3c5ec670b522b67238ded23

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x86.exe

MD5 a3cb49daa1347ffe34b517f1a12f40ab
SHA1 72211bd2e7dfc91ea7c8fac549c49c0543ba791b
SHA256 12a69af8623d70026690ba14139bf3793cc76c865759cad301b207c1793063ed
SHA512 e3d96cc4c822793893fc3831cbe40d7a53ee8eca3a73021aea2193bbf5c5a05ef5fa4a9fc314c29ad5392f980997a25507caa9cf3a1e3362674ac913fbaebb17

C:\Users\Admin\AppData\Local\Temp\{e2803110-78b3-4664-a479-3611a381656a}\.ba1\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2015\vc_redist.x64.exe

MD5 45b47f4214ddc9f4782363a38504c9d2
SHA1 10b1683ea3ff5f36f225769244bf7e7813d54ad0
SHA256 da66717784c192f1004e856bbcf7b3e13b7bf3ea45932c48e4c9b9a50ca80965
SHA512 c87955c5542e39fbb44c6edf9ea0c6671693e7cd93b2bbb3988bd51c4e0bfc4c46fbd968ba9bc6327b21f2e52dd1dfe8d0d077aa27a8619bcf61edc3f58b246a

C:\Users\Admin\AppData\Local\Temp\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\.ba1\wixstdba.dll

MD5 4d20a950a3571d11236482754b4a8e76
SHA1 e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c
SHA256 a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b
SHA512 8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x86.exe

MD5 4c34a474900344483aab8c0db7ed884f
SHA1 ba1f7e7cace62f7c55ab948cd3b29acc4e8e2329
SHA256 4eedd7d12c83165620653a892066ad0eb53e021a0665ac54c6a8f438f73a660b
SHA512 383160a5a7bfd1a9e05081245752eceadf662f504b24cac037834a2241ba374d39e20b5ec57e15e940c731b886c2e1beb46a076993f13a9d941f47a58299f3e8

C:\Users\Admin\AppData\Local\Temp\{c239cea1-d49e-4e16-8e87-8c055765f7ec}\.ba1\1055\license.rtf

MD5 f1a281f74d3e91d16dd26d1f313cd8a9
SHA1 ddb2ca9032c5a9c091eac53b679f6ba428077b00
SHA256 f79108a254f876e0f6bbcb05a9effbe25dc252e7ea256bfe3fd28ceb79737f25
SHA512 484c5ca26275427e1fb74d3217a22a0e4aac409aba973e78d7ad68834e7ad1d86c7855d34b227925200f941d288dfc09477b2d7dfe0856810c6c847297b8d625

C:\Users\Admin\AppData\Local\Temp\{c239cea1-d49e-4e16-8e87-8c055765f7ec}\.ba1\thm.wxl

MD5 fbfcbc4dacc566a3c426f43ce10907b6
SHA1 63c45f9a771161740e100faf710f30eed017d723
SHA256 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce
SHA512 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

C:\Users\Admin\AppData\Local\Temp\{c239cea1-d49e-4e16-8e87-8c055765f7ec}\.ba1\thm.xml

MD5 0056f10a42638ea8b4befc614741ddd6
SHA1 61d488cfbea063e028a947cb1610ee372d873c9f
SHA256 6b1ba0dea830e556a58c883290faa5d49c064e546cbfcd0451596a10cc693f87
SHA512 5764ec92f65acc4ebe4de1e2b58b8817e81e0a6bc2f6e451317347e28d66e1e6a3773d7f18be067bbb2cb52ef1fa267754ad2bf2529286cf53730a03409d398e

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2017\vc_redist.x64.exe

MD5 6b83b62d7fd5354074bdffc2dd7dd6c2
SHA1 007064d974a55940838f19cd0b0e3aaf27ca06a7
SHA256 b7aa971227e2d68a82186c2c55bdca3ba5293f01528fda98925cdc0d6516062a
SHA512 4a188d78211c43c02c37053f2509a0e269a4d97d92f13f41cc90f0a25557a149874bbab55cc86554d01e269fb65460c2ad1df4164f41f565ce9ed77d4c310796

C:\Users\Admin\AppData\Local\Temp\{f1e7e313-06df-4c56-96a9-99fdfd149c51}\.ba1\wixstdba.dll

MD5 a973cfa4951d519e032f42dc98a198b0
SHA1 2ba0f1e1570bc2d84f9824d58e77b9192ea5dd94
SHA256 25ee85c14c9be619b4f0bf783963ace1dc0af0e802014728c2a2ca8da213d31d
SHA512 b4a8c4f08a51bdd9ce7708fe8e2477182a52f1d853954eb5af0430c2df99839b6076a7d93b00391a73d446a6ad9da3ed77ef79c8b23353d32c72fc540415b8ef

C:\Users\Admin\AppData\Local\Temp\{f1e7e313-06df-4c56-96a9-99fdfd149c51}\.ba1\1036\license.rtf

MD5 1da77b492870266e67626ce000528425
SHA1 bbde5f2e5c744bf7eb4931ad0be883bd8a89cee2
SHA256 84cfc67f98d7553ab6af43e9b8d89138a9f46d0fd9291a441d7fe73f5c1a9dc6
SHA512 1efbf899fd722d5ebe2b885deb37da601c4291000761ba1825b4a76c2b51d5b69e1e03106ef0e29a108cc6b8ba8ec69ee7c7af641fabdcb1154a35d3dcb263b1

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x86.cmd

MD5 a8d147a22093c77cdf20d663748877c6
SHA1 7fe518339330ec20fc78352beb841e7a7b070b87
SHA256 8098ebcc001ca152aec47352e9b7d8f086512519cc430a8ec9c82f67fa9c29a5
SHA512 642676197b92ea837d475ccf2754217d1ed0bba7985cbd72202eb9b27541b08093c37dd3217b8946182bfd6b8a7f4f54357f294fc32d1449279390aa65a169d2

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x86.exe

MD5 fedc87470a950d6c723e6538c5f27817
SHA1 17674fcc6cf3a2ffdc391bdcde082aa936e37a89
SHA256 5c7dfa4fd52809813cf9350c4e5807434d78a0bb1fd0d61c85e02b41646a5780
SHA512 17d286311f8aee8866fb7dfbb12fc28fe98e57a460c086fd30bce421c1cd8c0549d92ba5a90c4557eb263ad29a0655da9022603979079022a414c0c5805cf9a1

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1029\thm.wxl

MD5 16343005d29ec431891b02f048c7f581
SHA1 85a14c40c482d9351271f6119d272d19407c3ce9
SHA256 07fb3ec174f25dfbe532d9d739234d9dfda8e9d34f01fe660c5b4d56989fa779
SHA512 ff1ae9c21dcfb018dd4ec82a6d43362cb8c591e21f45dd1c25955d83d328b57c8d454bbe33fbc73a70dadf1dfb3ae27502c9b3a8a3ff2da97085ca0d9a68ab03

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1028\thm.wxl

MD5 472abbedcbad24dba5b5f5e8d02c340f
SHA1 974f62b5c2e149c3879dd16e5a9dbb9406c3db85
SHA256 8e2e660dfb66cb453e17f1b6991799678b1c8b350a55f9ebe2ba0028018a15ad
SHA512 676e29378aaed25de6008d213efa10d1f5aad107833e218d71f697e728b7b5b57de42e7a910f121948d7b1b47ab4f7ae63f71196c747e8ae2b4827f754fc2699

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1031\thm.wxl

MD5 561f3f32db2453647d1992d4d932e872
SHA1 109548642fb7c5cc0159beddbcf7752b12b264c0
SHA256 8e0dca6e085744bfcbff46f7dcbcfa6fbd722dfa52013ee8ceeaf682d7509581
SHA512 cef8c80bef8f88208e0751305df519c3d2f1c84351a71098dc73392ec06cb61a4aca35182a0822cf6934e8ee42196e2bcfe810cc859965a9f6f393858a1242df

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1036\thm.wxl

MD5 7b46ae8698459830a0f9116bc27de7df
SHA1 d9bb14d483b88996a591392ae03e245cae19c6c3
SHA256 704ddf2e60c1f292be95c7c79ee48fe8ba8534ceb7ccf9a9ea68b1ad788ae9d4
SHA512 fc536dfadbcd81b42f611ac996059a6264e36ecf72a4aee7d1e37b87aefed290cc5251c09b68ed0c8719f655b163ad0782acd8ce6332ed4ab4046c12d8e6dbf6

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1040\thm.wxl

MD5 d90bc60fa15299925986a52861b8e5d5
SHA1 fadfca9ab91b1ab4bd7f76132f712357bd6db760
SHA256 0c57f40cc2091554307aa8a7c35dd38e4596e9513e9efae00ac30498ef4e9bc2
SHA512 11764d0e9f286b5aa7b1a9601170833e462a93a1e569a032fcba9879174305582bd42794d4131b83fbcfbf1cf868a8d5382b11a4bd21f0f7d9b2e87e3c708c3f

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1045\thm.wxl

MD5 15172eaf5c2c2e2b008de04a250a62a1
SHA1 ed60f870c473ee87df39d1584880d964796e6888
SHA256 440b309fcdf61ffc03b269fe3815c60cb52c6ae3fc6acad14eac04d057b6d6ea
SHA512 48aa89cf4a0b64ff4dcb82e372a01dff423c12111d35a4d27b6d8dd793ffde130e0037ab5e4477818a0939f61f7db25295e4271b8b03f209d8f498169b1f9bae

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1046\thm.wxl

MD5 be27b98e086d2b8068b16dbf43e18d50
SHA1 6faf34a36c8d9de55650d0466563852552927603
SHA256 f52b54a0e0d0e8f12cba9823d88e9fd6822b669074dd1dc69dad6553f7cb8913
SHA512 3b7c773ef72d40a8b123fdb8fc11c4f354a3b152cf6d247f02e494b0770c28483392c76f3c222e3719cf500fe98f535014192acddd2ed9ef971718ea3ec0a73e

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1042\thm.wxl

MD5 b3399648c2f30930487f20b50378cec1
SHA1 ca7bdab3bfef89f6fa3c4aaf39a165d14069fc3d
SHA256 ad7608b87a7135f408abf54a897a0f0920080f76013314b00d301d6264ae90b2
SHA512 c5b0ecf11f6dadf2e68bc3aa29cc8b24c0158dae61fe488042d1105341773166c9ebabe43b2af691ad4d4b458bf4a4bf9689c5722c536439ca3cdc84c0825965

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1041\thm.wxl

MD5 dc81ed54fd28fc6db6f139c8da1bded6
SHA1 9c719c32844f78aae523adb8ee42a54d019c2b05
SHA256 6b9bbf90d75cfa7d943f036c01602945fe2fa786c6173e22acb7afe18375c7ea
SHA512 fd759c42c7740ee9b42ea910d66b0fa3f813600fd29d074bb592e5e12f5ec09db6b529680e54f7943821cefe84ce155a151b89a355d99c25a920bf8f254aa008

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1049\thm.wxl

MD5 17c652452e5ee930a7f1e5e312c17324
SHA1 59f3308b87143d8ea0ea319a1f1a1f5da5759dd3
SHA256 7333bc8e52548821d82b53dbd7d7c4aa1703c85155480cb83cefd78380c95661
SHA512 53fd207b96d6bcf0a442e2d90b92e26cbb3ecc6ed71b753a416730e8067e831e9eb32981a9e9368c4cca16afbcb2051483fdcfc474ea8f0d652fca934634fbe8

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\1055\thm.wxl

MD5 defbea001dc4eb66553630ac7ce47cca
SHA1 90ced64ec7c861f03484b5d5616fdbcda8f64788
SHA256 e5abe3cb3bf84207dac4e6f5bba1e693341d01aea076dd2d91eaa21c6a6cb925
SHA512 b3b7a22d0cdada21a977f1dceaf2d73212a4cddbd298532b1ac97575f36113d45e8d71c60a6d8f8cc2e9dbf18ee1000167cfbf0b2e7ed6f05462d77e0bca0e90

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\3082\thm.wxl

MD5 47f9f8d342c9c22d0c9636bc7362fa8f
SHA1 3922d1589e284ce76ab39800e2b064f71123c1c5
SHA256 9cbb2b312c100b309a1b1495e84e2228b937612885f7a642fbbd67969b632c3a
SHA512 e458df875e9b0622aebe3c1449868aa6a2826a1f851db71165a872b2897cf870ccf85046944ff51ffc13bb15e54e9d9424ec36caf5a2f38ce8b7d6dc0e9b2363

C:\Windows\Temp\{64ADBFD6-D46A-4134-A374-B0DA44F075DA}\.ba\2052\thm.wxl

MD5 3d1e15deeace801322e222969a574f17
SHA1 58074c83775e1a884fed6679acf9ac78abb8a169
SHA256 2ac8b7c19a5189662de36a0581c90dbad96df259ec00a28f609b644c3f39f9ca
SHA512 10797919845c57c5831234e866d730ebd13255e5bf8ba8087d53f1d0fc5d72dc6d5f6945dbebee69acc6a2e20378750c4b78083ae0390632743c184532358e10

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\Microsoft Visual C++ 2019 x64.cmd

MD5 1c39b0799c57e7d2e97ba432faefc85f
SHA1 8b5029489d50b8b93ef9864dd056bd035d98d591
SHA256 c39c8d1d2065c790e39ec9dbd242d64340774e12db6ef90dbe2933106b46864a
SHA512 ddfe19d501bdc713d85dc1ba96bfb2a14ea01661b5115e1374fc80c83d5d6ab6fffb2375ca5e0121725a3f6d853fe7ba72cf6791cdab699a3171bdd288d05948

C:\Program Files (x86)\Steam\steamapps\common\Steamworks Shared\_CommonRedist\vcredist\2019\VC_redist.x64.exe

MD5 ba584d9886d6eaee8daa852a0605dd00
SHA1 1effe7db3f42d670a1352c5c9b451c4db3e57ab5
SHA256 c2d74d9b85d0030eaa134679a2392268baa773185c5a21657390e43f8b518f69
SHA512 3076aa5583c2ee719f9755fb6aefc1f01f37a33491a7d336c39f9ad303e671574498a0dc16b64e3744098c86ac43ccb916557a4866caf1a5f4b1f5ec68446d47

C:\Windows\Temp\{A5CB0E72-E50E-4C53-8451-9BDC9EA9C13D}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping5116_2074448640\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping5116_2074448640\manifest.json

MD5 2648d437c53db54b3ebd00e64852687e
SHA1 66cfe157f4c8e17bfda15325abfef40ec6d49608
SHA256 68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806
SHA512 86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 e88ae7610882623de33e9c5ceee9ffc8
SHA1 8e7fde4f5ccf887dbe6c34bce0ea38a8716c0a83
SHA256 c0e608183dfd1533b421d763bdfbec4f3188eca8b011d0853717b4e142282be3
SHA512 c79a01d169005c4e9394fb0e5e5918ef80d97f1a81d12e67b9d4d387cdb9b691cc406f2dc2059074096254d02a27ddd9622d6c3cce980df45db4c2e1f4d95250

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 1cc55ea0d5e3c6187f98a9090e2b5197
SHA1 12c9733e1769e17b69a0f785146acaae6ba102f3
SHA256 2c20b6352af62f1b0cf10fc0946c994f11077a32da34d0efe1d10e0aea9eaba8
SHA512 46000daa6fab7ee05d8c5018747e3281655e213bfef5b483661bc8137731d97430f5e4d29450f9f1e0910c4daf37d150790e47108743f862cf8446345f3597f5

C:\Program Files (x86)\Steam\steamapps\common\Quaver\libbass_fx.so

MD5 be0a6626917a591743a5ce2e982024fe
SHA1 37edd8da5a8b68bd2085585e49a6316fa58dfc52
SHA256 50f77991363ed5483ea62dc49df8f6647fcc5b7474aa2b3510ba2fa05814a863
SHA512 76a441d33d72ca6614801c4b65044669fb4fe036ff527c0b8c1c64f2ed8dcd9debef823e61a1b1bab5c71ed065f683dd39322284a8bf7b1eaaee362dcd6a07a8

C:\Program Files (x86)\Steam\steamapps\common\Quaver\libbass.so

MD5 decdaad9142df6af1cbc668fdffcc770
SHA1 2de14cb5c00ed35c8e75cfc488e60a592acc3f5a
SHA256 e6123bb9d0614b7d1244cc56f314ec864950b315a0b2ee88208449c1a1047dd9
SHA512 d2b460c441dd73176b7b88cef8a4e640063464834882f367fda60cc225c7f6881dab105d7c34b01f607904c61fe97fc78ce3dda566dd0f60de35b91ce3df78d5

C:\Program Files (x86)\Steam\steamapps\common\Quaver\bass_fx.dll

MD5 c862d6f2ec9beee5178b243a18694721
SHA1 99eace4910905fc6d7ab8fe450d7e59fcc39afc7
SHA256 2bf089ee1b54ef76a23583906d169e94bee6787f25f8e0f50fabb887428c79fa
SHA512 094ee18f325e20f4f8a2bc2e36db80d8d8868851926a6c1716dacdcd541d29742b1a18ab9e4f9dc62b6bdd0f53ebea2fa529067f53347a38269762d729babe22

C:\Program Files (x86)\Steam\steamapps\common\Quaver\bass.dll

MD5 a5dad8ea6787e30c08ae4c7ef4cde8ad
SHA1 a5c6b3d5a5444afb706c9cbeeea06238898adf62
SHA256 2fbaae03b30b08afccefdcff383add6436fc5c89968697ba996f0f8de3ea48af
SHA512 19399f5f9a50dfc2e4b52f4115f7b964bc90dea31e6ebc63f08c0e3b7e6bbdc91cf38ca847a04d1f179bc86bb3e1e7c87b86cff7b91c56feb1fdf68250686de6

C:\Program Files (x86)\Steam\steamapps\common\Quaver\libgdiplus.so

MD5 d97adf85af6349497ac5a0e8c5e86386
SHA1 f65e7290bd5b497cfce4a48a3cf4dd168980bcb7
SHA256 373aa131cc81bdaa30af4aad0d55276b3329127c01b5f3038092614d03ebfdb4
SHA512 132413f6ac935040b068ba3a8888723c8c0acdaf138aabcc56ee5e58b9103fee3ca68f901f75d8a51dc209810a58e1922af8eb19a1179eaaae0eb318d8e4ee9b

C:\Program Files (x86)\Steam\steamapps\common\Quaver\libSDL2-2.0.so.0

MD5 4ccb3a3289b8683c62f87bba6f979db3
SHA1 ec0ff26c27ebcf6f3712442e34e0ba8113eb7805
SHA256 372c9b14e350a03aa8a5082baecbd0fd17b1a5e7b38850bb146e704f3c47b6d3
SHA512 bdaa470cc6b40882fa7378216131d9045398806ace9a8ed6b4cd287f07b9dbc60c8228b6ddd9775d411e043aea82ab7da306dfbc475801a094abad9c1a3a8b98

C:\Program Files (x86)\Steam\steamapps\common\Quaver\libopenal.so.1

MD5 c68d30bdadf08c2181183c9255a7ccc5
SHA1 0e3eeaaaff0818145789ab04bc7a784ae7cf0bf0
SHA256 624e49c04a9f4085bdb1bea49ac23923d4e5b15d5878a9c868e2181a1ff418d3
SHA512 7817cd761d05ac7e02667b243d3581b7a2444b7a4cbdd337185d0c926eb69ed15ab82cdb96c30e746708a79823c6b9a7c36e2018c69f5b3e966ead03542c37cf

C:\Program Files (x86)\Steam\steamapps\common\Quaver\SDL2.dll

MD5 02cc3eef36db9438ed33440354054e41
SHA1 f6a4a0eff2c51e9540a541ed22740e687f4fcf81
SHA256 5d66bd7c48a61ff952475ec3492fcad67a81e626d849f00824d2b6442adf8d2f
SHA512 7450ebb5f9123a524d40760d63bdaf93b9a96d219543821d5231c85428f9959e4353eb1604328dc79152f2ea1610d47bd063861bb434fafb5c15a5a816e327cc

C:\Program Files (x86)\Steam\steamapps\common\Quaver\soft_oal.dll

MD5 79e235b88d879f65482cacfbacdaa61c
SHA1 c721a0dfa308490817a4c7b3941f3038a139d2f8
SHA256 afbd4fd4cdd77ead3f8050b6ea1cd1d509107dbb3cbac1c3efe6687e1f4b9dfe
SHA512 a586ed157a4844e809058b2807062153eca4d9aad90d5dc6b1c2d4c4261eb1222291ef94d05cf509ea98aeea1be3eb1e6fbd2c733af68c1f27f0d388a8984669

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 9a87ec8b2007dd766793321ac5565415
SHA1 c8163d307a03ff5acdbd7f5e8ec903f749758e1b
SHA256 b4499400a10c5f120877b580834396ccc32f6183a17b5e54e52605d48c9d35b3
SHA512 734c4c2386cb53ad33a4fc4d644388a7475210956577c889ac8cfc3aad99f54ee58404f91079169058865135cc1649097637b88f13cfbbfa54df1fc7b16370e2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 c32f1b980732a5da517ad5c0a220c21e
SHA1 fc0085afc1efcf59997ad86c710dbbc811a786c4
SHA256 c41770389724db3463ec453c485d918670f611955e9aa2a5f86e685465dbba43
SHA512 e7b9b3ff15ae9dd1b0107f28e8f8297f037a505f1c67abe7a0906e3c11f1637a336c162222c16314b42aa621d478aeb0c5382b76619e09ba05018122188834d6

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 a837ae146292e3cfd5cb4a9afa66c10c
SHA1 f6aaf806d362a281ffd998741510d039912ab5c8
SHA256 b259560042d6fb779169f12862d12e32b969efb5d9f6049ffa5801961697aa97
SHA512 848845aef8359e158f440f346a11f1fe9ad7b6d669308d250487fc1d328372a7a322d2037ced32e76d8b03c66d06b23cac5755066be0db6f2b6a531f97fc9e8a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 21283ef2fb8031b4967207c1c8c042ca
SHA1 2cbd8e116620c4c737738c3d85834d801a14fe66
SHA256 d753a49b7f44cf777aa8dc1d92aad9c8661662768357f04472e0c4e89ec70e13
SHA512 faa59bf83b8cfaa82e7ffa9a755c08f33a6efb07ee16eb3ed0b678e2a65fe2f534d04f403f9f1fc6b3f6463548ec5433a4ec20e694d5929971014e170e20b793

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 618aa605c9a537c836efb648f553c26b
SHA1 06d7d78422ba188a12858f38a2adddde6a9e928f
SHA256 740b3fca8703194614b0d2c9289e6f763bc398f7c3c116f74899a3ae29d66121
SHA512 50ff4809516efa0d3bbfbfd87d5afb91bc167df49ece7c6da2778aefa4dc91cc29acc5c95dc503032f97816fa4ad92f9d229e320a43714c6eb7516ffd9d29f8a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 f75c252daf43e4eea609658170e37c13
SHA1 6bae600f7b75843b2a9f2a294cfef3917805fa1c
SHA256 eb9e3b298638985275304ceaad927b0f58767c9f5a1a444f26607881dc9b0443
SHA512 dfc918a0d8068ba1f46e2169d9c020329651daeae30320486d8b3794a66215d7fde95fff8af4a003519ca00d4ebb256a81d9f4bf1c05863a5bc222907e8eb91a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 592d5de16db4e3b57a0cbb6328744987
SHA1 fe935d4113b42cc49801214b3ebc4bbf77d117e9
SHA256 74c5d463e4f3a121ee7f0e2c77768985a9ed0bd72294191e7aa7a5f5e3752e10
SHA512 21dc70903a36d9d4efa284cc3f3ac99f1932fe68728cd14d046ba88611985c4e4a1036614b6a30bffb75cae189e35cf4d50334cdbf2ef2ee5bcc311746f32288

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 32d7c3932849c87e39b3e912307fc61c
SHA1 4beb94c0d9dd235f600038025ed0d90a19462f12
SHA256 362461da2a4f82ab13f5eb0d4b96b16a3265cd9cc434cd6228e6fd411aa90ba3
SHA512 926f5ce65d53853683682925669d5f22e2ce7c6f4b058d9af99052f692c0a26e48923477727be9561e40a67733650d123dd9e5270a79f3699d6ec0ece5f5ce8e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 1715e5c4b6bd942ca68680056dba42ed
SHA1 06573f17da832ea82221e296e774ea9bbd510877
SHA256 007cd11a4dc0dd83b9ca3d82a03d45fd44ce93b36c9438b7739b4ffa692a320d
SHA512 00d43aa9b3aa2e208f78dca06309bc32b5605274328d91a35cd51bd72e65b8546f71f3f2a122ac2e2264e2819af1c7198725c47df23658817c60783e65e3aff2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 45f63a6d0065537b6f3b1c5832e97638
SHA1 8fb4254ee13e3d09cf08f1a03a1343cb1734fb5a
SHA256 6f705ba6322bef4013170b25d4a5047939cf190d8b66634b7daa3efb814e2693
SHA512 898f8b601a68c3716aaa9d557487c9c967718d2c882d2d027f18b194f2f6dd80e4daec8f0de5e18e0717a9b3035f9b53dfb48f6406a7981a54439dbbfd644776

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 ff5879513cc8139b43ce31efa95eb312
SHA1 1588315f350213dd0e274e1916f1ab9ed93e359e
SHA256 c450bc91a172a769a98fcb39349a29afbf11c9a103a9b8f9e8bdf49b46f5b2be
SHA512 756e622733a27d72721547fe5d2868d474aec458608000314078749069269d2757953f25d0e46151bdeb85172a88ca2e1ca788f4b24b60864b4c173df003fbf5

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 bc515ec29c035bcf7f6a1c93002104bb
SHA1 6849d74a7b46a75aa6ae16b0068feef9fb2636bb
SHA256 88f8d50effcd42d5e0887675fb120c927f49b8cd1c3cfe802d0f767dcab69821
SHA512 57756d5c38a84293989033d6d7e171f9b084e61ebaea031f09c9b351b24d41b397c1e2613acb035a3152f8ff26c0d509f2be83469580de5ace3575743ffc92f3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 daf454e066047c5b4fb4418e2974a318
SHA1 0d5b83aa8d7ac01980efa4bca92c0113a41c4f68
SHA256 c4ff949736b89108e7d9d172a2097b774b4fcf186de6a3ad6110dc22a365bb51
SHA512 5ad1906c37a7c187406b05fa770a60c461d3c3d322f87417197d09c70cc99b10533910bca90c8014426e21500565cdde15c74e1845cb25365fa88a1757808bc1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 f20c6520f2a411abc8afce4d69f776eb
SHA1 e7f1d12b6e6c9cbcdd485a4b2df56cc07d861710
SHA256 be4041fca4e8e6f64672dce80cd2d83dca10d0a1f5267c7e729e94356309b811
SHA512 9705888e4519df117fc9f55493efc3d3ac37e98441966c23f51cc52b4be62b00185e032add218b73b8ecaa88665bbbab17e30e7e8edd88ec855c2a570fea90f1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 91fe6a9bf49e5b1c8d9d47ed8aadea6a
SHA1 9aecd7a777386779a2012cf15a959623acdc85d7
SHA256 7d8c26546b421b712ea9ea88a500df490cd58aa1d0fa5f12d960866f571960f4
SHA512 fcb01fbf4d603697a8a51f7758224ce2ca09b443efa6e675b720a4c4e920f22258467559a37f5b17c9adcbab68791303056b87dc241b5e58e5708de251695f0e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 62f26a1d76e884558522a8157d5d1e19
SHA1 f86715595d4adfd48ca413b80ffd302d2f905dda
SHA256 b822eddbfa8cf23e4a1300a73175ae78a39d3f205dbbd939d10739ebc5054fef
SHA512 67c725b4a9e79a194ad9a9370862a08b34f89eb0664d76f42af9857c6e45a8132cc3d531c8a466a7371ec67d12dced73e49f7918cd645578166ad71858089543

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 4957b7e1fb84accb35619e089137efd0
SHA1 84c552efadfc1adca6e918f43e89707cd02f3b0e
SHA256 479bb384854de305b22a061511e54ccdfd57ae58da1871e5cae7c3958309b9d5
SHA512 0aac14db851cb31743f8cb4eea2440ab735cad14e7ab846c374e700266883605a69be2aa895255ba8b34a67dbddf93baf94cff20b26dd889da0505205b6ae10c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 c6089d56dc7f441548a1169a25c0d3bb
SHA1 a937e15b9aab19569a32a274b5726d3193a4e0bc
SHA256 7622852e3788b6faddb768195c6cd163c48c867336c325f0c4e13c11ec74e0ed
SHA512 dd99ea58786e2cfe241ac6f3400804fe7759a457040cc3cfc5ee16005df339de45caf9d877f365af8224e3b050aa164c0f19d06db32943b6e6b787967c355fdf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 474728ee7cca40452bc9a35a0dfe2cfe
SHA1 d699197b37eb6ec465fdec763ccb7e11f7e59090
SHA256 f1a906c35fac2ab43b4485e038f78bc8427070fba8e6e4029d82557a11f1f711
SHA512 7518f97f8f224f7ba92d77f1a4b5b30384d18e26e6b0fcdc1992faedbbcb57bfccad36993a6b09602b69cf566ad0d69f940243d693c8007bccced5d458504aa2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 fa2eb7509a6ac788b862d7da1d01b047
SHA1 1a30c8a59c8cbe12e89009191ddb5fe7e158c862
SHA256 b63ac842188074d63fd14c0fdffcb210189d83d147ec056492e9a89b6c22767f
SHA512 38270fa1430d22705b002351d8ab2b30679329557f9039ace4267c3111bb78bd57e9389b3570cd9aa588041db54b4994826a7254061fcf278873fe1ee40df25e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 8f1e8a09dd42b4c9472f0b274f0535f9
SHA1 ad7abb03e164fd7573cdbd920208216295d5a0ee
SHA256 f09c7ebef036b8535c35f740d51055103939e4bf3ea943f9709e73143efb5a09
SHA512 e4c4022dc8d8face079e92aa4e8ebcc1b717346026f44a29667aeb493cb65b29cce664a94bbfd2bbea1b5fa178b66e0f4ed14baf353906c26b8e55db4f646524

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 fb0c0f2adb1bd0ce20033026f8902f01
SHA1 d044e11881c7477c77f871e4878ce8bc2bd31842
SHA256 43a433ade6f536a037a5d16e63a82cd329ed7965af6fca6973274e9741088dbb
SHA512 2577d4a0fc5ece1e88424d629a394a3aca5f0203b38e1daec51aa34384d63d2ea8d8b6c86e02d997f28400ec80890065e3c0871b1b8af2b64cf306d111bf30bb

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\temp-index

MD5 3f4e2d2ca231a3d1f8241658f252e144
SHA1 695617814eda71cd32a6a9dcaf26be13e84f0705
SHA256 691c9f072d3160945d2dd25f237787c152ba6db0c5553986c20b102edd16d832
SHA512 68ddea31936acb968b9ceb32a03fb425529a212979ec5e384c48c4922b54f08d7a4e2f929bc6a6685ba9365749d340ffefa39b3dd6cb3e772bf4081a517a28be

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\c7666f5c-6096-45b2-a866-24d51b8cd761.tmp

MD5 15e17fe687bbfab4bb3f145c5712c401
SHA1 2fbfe299c4ac5702d2ca2bf9f2c3d41aeace51c3
SHA256 dc5f1424a63b2770706fe40f49bfd9aaa507f495b375babba1dc9f6819d171bf
SHA512 490bbec3bf302577f7f9ee62ccc71a4d4b6ceab614130b9428cd470469d6127fb327cd85c1465ffd73c3b09776772c639105333da146ac0a490a123c4d51f04e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 1169880503a84f361dabdef5a211a363
SHA1 b57c49e1a826d216431eddfb145abfacab8a7c47
SHA256 c688374dbede4baded9a90c676e50f4c502c2f98cb73a77390ab62d53a709a34
SHA512 d71520c8be319e0712706095bd4cf35f145e4b6364d6f7b5a5db89eaefbb7d802e30e10b24e3ba1f6e58e37f64a5c56cb80775085b1faf637f6275f2a9551480

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 66b380c7a4ea0df67c527c344312becb
SHA1 db63333c0622090c51e9b8085038bc3eb61fce1b
SHA256 43c606d5e9de3235bc88880f0468523cb38dce5fac8d74779520a59343fe5cf1
SHA512 be6f34eb92d9b66d9b093d6ebd8dcb96339dbeba5c99556eefcae0b2dbddf141479e7448e8f2c2b96561ac413fe4accb06eeeb9e87ddd196e293a5ec5e9e3655

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d5925b47e36c7c583529e520f1fd1e18
SHA1 fd128bb80cef03c3b8ab4c36775e2fda3c15ca79
SHA256 09e257c4d17afe64b5b20608a57ff50c57369884e0af544a56c43e357c5b17fe
SHA512 8a1380ef222fdac3346bbf60d45d4facc03ad64b2c92e0be419aff4ddbb9de3b5c36b7b854060d270026b6fb0608d050576d40a7c230f2473401f9a0665730b5

C:\Users\Admin\Downloads\Unconfirmed 142967.crdownload

MD5 fc0734a7348f6e2979d3044a9a75e359
SHA1 ba7ebc472f8a7dae824c13a5e39f11e54d0f83b9
SHA256 a4b1a450cada1b25b74b8decfb92f77c64a04f0b4ec8ddaf1a3c0f962a364c0a
SHA512 9c6e2baa2a291ccd1e2787d10df50f1789f7f8976c707908448eb60fbeacfb00c90d2d390b7ad73c176daf510c3a6bb93f9a960ad61c60f899e74db4963a054f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b480dea7f00a741a5d803998241f574f
SHA1 f44b4b0632609d48e8315539bf4194cbe22b9417
SHA256 162c48d8875ccb891193991e7c9c3112bce7ed2d041f12126126745c2c128abe
SHA512 12db3e575de83336e21178f047a5b91cbb1ed2ddcbb628e912b3fcf3dffa65652847cc5f3b447f2d7525de1c9d776f9d739934f3edd9ae09894e7dce7b4870cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d1b7f31da6124807c0682de1e02be736
SHA1 e994fbb60ddbe133d4fc437da5c053f5490ad0d3
SHA256 b79168ce0a40210882483f2e567847dce8c9810a7e3674b7b09ab6c6a3b0aaee
SHA512 6f75087a9f7aa6093a076ee61c3fa491ef9b87630720b9cc96c23c6db53c83342e957a111e1ebdd35ee37105f621849c2b622f66c59afa357ce63bc4289a6aef

memory/13432-18365-0x0000000000EC0000-0x000000000130C000-memory.dmp

memory/13432-18366-0x00000000062F0000-0x0000000006894000-memory.dmp

memory/13432-18367-0x0000000005DE0000-0x0000000005E72000-memory.dmp

memory/13432-18368-0x0000000006B50000-0x0000000006B8C000-memory.dmp

memory/13432-18369-0x0000000007170000-0x000000000717A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fbbd61ef10e52be804119a1319c85c42
SHA1 b0fd2497899ca793fbb51fd9857e8a9b7882a6b7
SHA256 4daf7d9b3b29ebb784cf762a3f4e399c665129ca5a7a7d8a5871da4b003f4693
SHA512 c6e0880cf4028526d945316c3d0e6eb985680c30980df06117e60399820f57242f8922f7d67ab63658661668e74f39cb0736fe0f41ca1f5d0d85610a0831ca2b

C:\Users\Admin\AppData\Local\osu!\Logs\update.log

MD5 5276d4d4b6ccf6c59a8fbe96c98b3836
SHA1 21342cb0521e5b518077319006ac241f913b5324
SHA256 71741e15a431a20ecc41c1ce1323bbc503ab3d3a5de3a877f18ef32592ba6275
SHA512 65e5aaed234cfa27d3fc5b27dac856f5ec6dac3b4332e37c2efc4f6cf8adb4b250ffdd8c22e05e562c7d4e58cb005eca94e2751abacb2583fca94a54851dc99b

memory/14832-18406-0x000000000A5D0000-0x000000000AAFC000-memory.dmp

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

memory/14832-18421-0x000000000A500000-0x000000000A522000-memory.dmp

memory/14832-18422-0x000000000AB80000-0x000000000AED4000-memory.dmp

C:\Users\Admin\AppData\Local\osu!\Logs\update.log

MD5 c766241a850a51789307052367954527
SHA1 01d4038d659866e4f0d3ce8134c4a2090fc49797
SHA256 5fcd0140c6d85526995bb18541f676ad779fb2ba9c0a0f7a5c21826845451021
SHA512 affef97688cb2233011553125a3760cef9993b60914fd56ea4c97c248e564f2cc987d4e4e80745d17a08c8b787d9e020429450e6d92e44a76032fb59f00ed424

C:\Users\Admin\AppData\Local\osu!\Logs\update.log

MD5 ba7df5874daf3cf932ad27628518b14d
SHA1 d2108a8c85268401f208864860c7d175d56aba51
SHA256 da9494ec48c45be7699aa0651407233fcc3dcebefa51774a63d52e14aa34b680
SHA512 314302d6ee9aa1483946cc95e5ec8aad11afad74285432ceb2e2bc3898319798920a16c3f1f0dc1b2104af236ce21b4a7e61d23efc712c4c40ef356a4de46966

C:\Users\Admin\AppData\Local\osu!\Logs\update.log

MD5 699c48cca3ebcc122cb0894d362b06fc
SHA1 b79ba6f81b5e0d7f16fb23070a7e861fb0929776
SHA256 1693a5dd043c46a3fd5d34ee4158bd115de64a5488eadf2902c9745b7f65c37c
SHA512 1deb0c94efd2afbd0f238963e7dda81febb3d297a823616193a065511630c986a220e58add9c6168d6e9a87dad3e51bc4bbf9a0fdcae01fb88600cf4a5a5da53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1df9dd5b32a2cad80fbe93021989c031
SHA1 586ffaf51bf977bdf94cfaa5559e3c39684fb980
SHA256 c612133e76fbcd2dff8174835a772d203936e78e26c664e8f1343f08d9ac143c
SHA512 40d2474c37f3097c29cacfb95ecfb94f3ea2f48cb9ebae7ef58eea0b3e3add48f4d2148da3d8b96dc4e6274817427a774b988b87ad16f3784ca12144f9789315

C:\Users\Admin\AppData\Local\osu!\avcodec-51.dll

MD5 b66478cc0f9ec50810489a039ced642b
SHA1 992ede70f0fee5cb323b4b810cc960bf2531875e
SHA256 e512fe71775f767285cfb3310d8f1ac042639ab3d1a02ca3675b82cfd3cbc702
SHA512 ed07e71fd6bc2bd9f2ada8b8d6aa80662d6ffadce7d692f078e9ccd8ada2ba47b0e25967809f567fb93ffc96271037f010a0038bb78301812a75e30eee9b2645

C:\Users\Admin\AppData\Local\osu!\avformat-52.dll

MD5 c00b30289cc427caff97af5aa3d43e03
SHA1 8e70885a62b0fe510422c2367b1f6de489b67e6c
SHA256 b155e2bfce3adbbc45d01ec991160ab4fab7e8d33a0ab835463da860d3693867
SHA512 3a70161a5adaba0101f2d2ca1522b1e71d04079ad15cc87a030b00c14b45df9545d5cba55101e25d9bd101769edb87a8e4d893125780e86fa2551290ab720860

C:\Users\Admin\AppData\Local\osu!\bass.dll

MD5 7623474a8b9bec1e3ffca813cdf93bc3
SHA1 4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774
SHA256 67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3
SHA512 b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

C:\Users\Admin\AppData\Local\osu!\avutil-49.dll

MD5 47c83b958951331ba409d6b80316250c
SHA1 ce14566676a27a0899079781a41888a2f1303127
SHA256 e51523f179a8ab8101eaa3e587c5e1dfe6c19636ecfa582896833f06d2e79064
SHA512 58408238279126e2b478a2f7cda513e5b5908140cc615f271e2baea7a2fe59046f51040406adb86194cc168ff4bc9ea2ca92834b9d90116f9ceb2384a4325896

C:\Users\Admin\AppData\Local\osu!\bass_fx.dll

MD5 3ad3c0fd4dca001a2f9e707b74544919
SHA1 c6176415ecd3e8f38f976e4234325452fe1fd2a0
SHA256 81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04
SHA512 436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

C:\Users\Admin\AppData\Local\osu!\d3dcompiler_47.dll

MD5 c5b362bce86bb0ad3149c4540201331d
SHA1 91bc4989345a4e26f06c0c781a21a27d4ee9bacd
SHA256 efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f
SHA512 82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd

C:\Users\Admin\AppData\Local\osu!\libEGL.dll

MD5 9f7f22cef980ec272a9b73bf317500e4
SHA1 ae11d7cdfa84a242e31efd6f03b0ef764d5f900c
SHA256 041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072
SHA512 19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

MD5 a4dfddff62d1e917ebb0688cf8d96be7
SHA1 9376bfa069a72da76733cc72cf90386920815142
SHA256 cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f
SHA512 97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

MD5 82d4ee89f4a39c764fa6297a95ebb10e
SHA1 87b1f581ad017bf62604d8071a23fde8b81550e1
SHA256 1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d
SHA512 904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

MD5 b4d949571134fc3ec6c28f1af7a75e49
SHA1 07eb5685ff4f19ff8ed466c68c2426e2ead69241
SHA256 b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511
SHA512 7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

MD5 47183d7843a1af1e856bc2600ca73e5a
SHA1 e715cecf017bfcf670a4d00e94997701f1c694c5
SHA256 2250688fe226f6513caef2bbaf92e7e6831d48b6d53fcc91a863a9928b609ac4
SHA512 1fe603847a5a39a4e610fd09461075c5cc9fa7d424b0867cdf41f03584aa76bdafc23c4abcac5e60995d0490165e5158e1a66e48781a60f6564dbe26238143fa

C:\Users\Admin\AppData\Local\osu!\osu!gameplay.dll

MD5 4cb98d63f1b2b9dc38e10e9901ec52d8
SHA1 42c0e8b8e5c7a4113e38a977221f845ef8406722
SHA256 ba3467a8db908d81a0729f78fdc5c8f1d1595d3da4e5a9a34be9a16e06da9f87
SHA512 d351b9ff851490187b003c675047b6a20a2519df3818bcd18a674d6edab1d211c9661acc98403b562ff3268576ea203b4e0f10e962467b9849b72431c92735a4

C:\Users\Admin\AppData\Local\osu!\osu!seasonal.dll

MD5 20082752d6c5fae8d08071aaf242b739
SHA1 70e8c7499507e8275c2ac06c372bde3b84f4c763
SHA256 1fae9cd8610a6d666c9b42d91440b493a257adab2126dd7c77f5d5098d678b8b
SHA512 6d9778f29ab522e45cee8a3d5aad6f4e65606675479cdf782844f5d162e13a8d42837ffe6d7533d8a29c71f10ce648cd2f859db55e7f8d00a4638ebea0b8ba46

C:\Users\Admin\AppData\Local\osu!\osu!ui.dll

MD5 72fd66c4ce090346c113b72990eb7d86
SHA1 038c06b41cee82578f5b6a0b0298570bc8969e8d
SHA256 c382d8319f5ccf7faa6517bfa53a052ebb7d8d16f335d5925ae777270c93e50d
SHA512 9973f0a33aa3e085ff5bdba469859cf5b6df7c8d60927e229c2cea2648e8ce0c7a4ea96f9861735e2bff8d2207dee55fdbc90f3534d50d009559391d9ff7f2ec

C:\Users\Admin\AppData\Local\osu!\pthreadGC2.dll

MD5 00678eb6be3b52d562b66218c93e21a8
SHA1 ba583d1520da22f3d3b89196c981279ecda58648
SHA256 b18c8437663002e4a4f06c4c1b7bec71fe13e5e6bbb927c68a273de02a5c690f
SHA512 58d9ffa0f569ba7b1aaea62b49f5bfa18bf23c54d2487eb9e4da984469236c2d4baabeeeac7e4b71d66b8c30f7fff4890fee5ee25e00369fc4afce053cbeb048

memory/7480-18679-0x0000000006C50000-0x0000000006CA6000-memory.dmp

C:\Users\Admin\AppData\Local\osu!\Logs\update.log

MD5 86fa10dac695a15a79973cbeaf08ea33
SHA1 a1c2bd712559f001ea64ac36becf645459ef1a4c
SHA256 89f8fc5de6e741213bf1f03c7c90ea07e7dde26b51505843f8be0060830c501a
SHA512 5f218678d2c7d4c91d76d93242d39d6b982516115a1863e470892af34d3d6aa3185ce4452eef3e4a77966ab7ecbb66c4d81cbdf9854b2b2b57525925fed703a1

memory/7480-18689-0x0000000070540000-0x0000000070E49000-memory.dmp

memory/7860-18701-0x0000000070290000-0x0000000070B99000-memory.dmp

memory/7860-18702-0x000000000D6D0000-0x000000000DAFC000-memory.dmp

C:\Users\Admin\AppData\Local\osu!\Logs\update.log

MD5 fad3e749b87a4c0556428622b36f5200
SHA1 2bced3c0b5ae4c45054c5516e85542e27037ac55
SHA256 677c1d203c72d3fa2d8c8c8d01bbb8b8cb2adfa8c8b69d805908f05b6a7f438c
SHA512 049ad9e41e2586f2bf1b2319beba4b0e89407201c50e995c24cbfee9558e9db0781e2275c53474508632848462697dd6cb4989ea0968752a752bdefad1ad522e

memory/7860-18706-0x000000000AE40000-0x000000000AEB4000-memory.dmp

memory/7860-18708-0x000000000AEF0000-0x000000000AEFA000-memory.dmp

memory/7860-18709-0x000000000B280000-0x000000000B5D4000-memory.dmp

memory/7860-18719-0x0000000010000000-0x0000000010013000-memory.dmp

C:\Users\Admin\AppData\Local\osu!\Logs\update.log

MD5 cbdb3d9494b16b45178d71747fa96c01
SHA1 8e016c18cbb64628e06fdaccc80ae4c3cf07b902
SHA256 295dc597ff9d6162e9fdf17320857ef7c1692f928f5ae27b3c4dc9189aa2330e
SHA512 95cc21842dd1ade5a9bd7d2eedec3fa6493a1695ef23c043a29170048f67e77e1022c5b1a06aadefc778e0795696846c54408df49617a5278e17c52c474bfe75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a0c4134b3e2cae02bc6548b3e358c575
SHA1 2b6787455995371ffabe83b5cd08cf5104602346
SHA256 06b999e100440ae8eef66b9042f168c06962b138310177df908c02bc26df3e54
SHA512 cb3628ca92b8cc4e7b12447519a78860e77430cbc5903bdd3aaa5f634e03d79e5f7b37c1aa8e58caa3b815937a5aa88a235521b6957d2ffa14db05ab601f1a92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ddc0425c2fe5e0975322735dc7d581b5
SHA1 c287b011ec8fe2ffc0ea87ff21216842d8f508cd
SHA256 4c783bbfb545c08365214d91644dc2d9158b8b87a453b1b210cf18926d2b237c
SHA512 ced9135e493d40aae6ece15de1a11b89bc1b29c21e39b646d2877d4b6b37d7f6f359740356fe17b37e4ad88f970b864754764a76c052a885ae29de245fd7ac66

memory/7860-18770-0x0000000070290000-0x0000000070B99000-memory.dmp

memory/7860-18771-0x0000000010000000-0x0000000010013000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ec18c5b163c9f47fc5f2e3166ad8593e
SHA1 75d2b72029bd8e8d72dfba77ba23c60e4b145aab
SHA256 2e3283401082fc84ff1c0c69c447d38d688cd6b9c9a4cd1b9036310b47ae2a9c
SHA512 ad396d64319bd473bfcafe87d61f01121b2a164b8702bd9c840ef9272ebdd87ecda4e1e0a460a27ea9b336f389397378f78ec86ae452d367c181e49ec2451cc6