Malware Analysis Report

2024-10-19 11:21

Sample ID 240810-wtfr3avglg
Target Superify Setup.exe
SHA256 cf21bed229d61942534a4d963b1fd34714287a3a494536399f5064ac8edfa55b
Tags steam defense_evasion discovery persistence phishing
Score 8/10

Analysis Overview

Score 8/10

SHA256 cf21bed229d61942534a4d963b1fd34714287a3a494536399f5064ac8edfa55b

Threat Level: Likely malicious

The file Superify Setup.exe was found to be: Likely malicious.

Malicious Activity Summary

steam defense_evasion discovery persistence phishing

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Adds Run key to start application

Enumerates connected drives

Detected potential entity reuse from brand steam.

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-08-10 18:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-08-10 18:12
Reported 2024-08-10 18:27
Platform win11-20240802-en
Max time kernel 880s
Max time network 882s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe"

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\net70.exe N/A
N/A N/A C:\Windows\Temp\{4E150EAE-8D07-451A-A078-4E323A4AF764}\.cr\net70.exe N/A
N/A N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
N/A N/A C:\Superify\Update.exe N/A
N/A N/A C:\Superify\Superify App\Superify.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Superify Library\Viscera Cleanup Detail\Viscera Cleanup Detail\Binaries\Win64\UDK.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{4E150EAE-8D07-451A-A078-4E323A4AF764}\.cr\net70.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Superify\Update.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{0305aed7-88ea-4e4d-995e-c09c56c41bd1} = "\"C:\\ProgramData\\Package Cache\\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\\windowsdesktop-runtime-7.0.15-win-x86.exe\" /burn.runonce" C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A

Detected potential entity reuse from brand steam.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_button_square_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_gyro_roll.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0316.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rt_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_left_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_right_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_click_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_minus.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_rfn_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lb_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_swipe_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\vgui_vietnamese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_up_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l2_half_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\overlay_portuguese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_p2_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_down_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\confirmation_negative.wav_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rb_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_korean.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_touch_doubletap_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_left_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_left_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\ssa\ssa_russian_bigpicture.html_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\css\awardicon.css_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0355.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\loop_3.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0416.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_rfn.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_click_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rt_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_finnish-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\cmnd_keyboard.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_rfn_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\Microsoft.WindowsDesktop.App.deps.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\219_icon.jpg C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_right_hover.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0341.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox360_button_start_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_workshop_details.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\zh-Hans\WindowsBase.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_gyro_yaw.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r2_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_vr_happy_down.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_right_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\ssa\eula_sc_schinese_bigpicture.html_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_right_default.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_dpad_left_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r1_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_button_share.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_left_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r2_soft_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_4_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_play_hover.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_020_ammo_0054.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\facebookLogo140.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_circle_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_s.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\msquic.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\~DFB68F7BDBDD28BFD8.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e581c33.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e581c33.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF1275700D352616C7.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI275B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e581c37.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF5364EF7064826B08.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e581c2e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2CFD.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF791BB1A0C757F9C7.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e581c38.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF591B509FBAC2DA69.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{961F4E18-EF6F-44DA-A61E-8AFCAA87CB87} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e581c38.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e581c3c.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e581c3d.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI38B6.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI25B4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI27CA.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF06A84108989767B7.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFD0723676E66F41C1.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF0B9631FA58829651.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF1EE69FDFE916E9B3.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2903.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF9FBDDE0FF334FEEC.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFF652482E7279031D.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{565B8608-2758-4BB1-90B8-13C8D5D9A7A3} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e581c3d.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF2BDA9C4A58505B2B.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{A8653AB8-2037-4D69-903D-F1D5FA5CACD2} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF5ABC49BBE29EBF4C.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF38BCA87CCE87F5BA.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF39173EBA7C08A510.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF88C42B0B26FA5BC5.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1EBE.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e581c32.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI29B0.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{D96F6B53-FC66-4BEE-91BD-1A4E944FC061} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e581c41.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e581c2e.msi C:\Windows\system32\msiexec.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{4E150EAE-8D07-451A-A078-4E323A4AF764}\.cr\net70.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\net70.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Superify\Update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Superify\Superify App\Superify.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677874076990409" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.60.5674_x86\Version = "56.60.5674" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\35B6F69D66CFEEB419DBA1E449F40C16\Provider C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.60.5778_x86\Dependents\{0305aed7-88ea-4e4d-995e-c09c56c41bd1} C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86 C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.60.5778_x86\ = "{D96F6B53-FC66-4BEE-91BD-1A4E944FC061}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BA3568A730296D409D31F5DAFC5CA2D\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.60.5674_x86\Version = "56.60.5674" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8068B56585721BB4098B318C5D9D7A3A\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\Version = "943461930" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\35B6F69D66CFEEB419DBA1E449F40C16 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8068B56585721BB4098B318C5D9D7A3A\Provider C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\35B6F69D66CFEEB419DBA1E449F40C16\MainFeature C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.15 (x86)" C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{961F4E18-EF6F-44DA-A61E-8AFCAA87CB87}v56.60.5674\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BA3568A730296D409D31F5DAFC5CA2D\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3774C265BB25E195676300FC0E846513\35B6F69D66CFEEB419DBA1E449F40C16 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\81E4F169F6FEAD446AE1A8CFAA78BC78 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x86 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\PackageCode = "4607BD783359EE74C90B337EA71931CB" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\SourceList\PackageName = "windowsdesktop-runtime-7.0.15-win-x86.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\Dependents\{0305aed7-88ea-4e4d-995e-c09c56c41bd1} C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81E4F169F6FEAD446AE1A8CFAA78BC78\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BA3568A730296D409D31F5DAFC5CA2D\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\Version = "7.0.15.33129" C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\35B6F69D66CFEEB419DBA1E449F40C16\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0305aed7-88ea-4e4d-995e-c09c56c41bd1}\ = "{0305aed7-88ea-4e4d-995e-c09c56c41bd1}" C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_56.60.5778_x86 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\81E4F169F6FEAD446AE1A8CFAA78BC78\MainFeature C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Program Files (x86)\Steam\steam.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Superify\Update.exe N/A
N/A N/A C:\Superify\Update.exe N/A
N/A N/A C:\Superify\Update.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4996 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe C:\net70.exe
PID 2904 wrote to memory of 2480 N/A C:\net70.exe C:\Windows\Temp\{4E150EAE-8D07-451A-A078-4E323A4AF764}\.cr\net70.exe
PID 2480 wrote to memory of 1556 N/A C:\Windows\Temp\{4E150EAE-8D07-451A-A078-4E323A4AF764}\.cr\net70.exe C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe
PID 1472 wrote to memory of 4500 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1472 wrote to memory of 3580 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1472 wrote to memory of 788 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1472 wrote to memory of 2172 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4996 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe C:\Superify\Update.exe
PID 4016 wrote to memory of 8 N/A C:\Superify\Update.exe C:\Superify\Superify App\Superify.exe
PID 3324 wrote to memory of 2312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 2044 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 2096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 2328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Superify Setup.exe"

C:\net70.exe

"C:\net70.exe" /q /norestart

C:\Windows\Temp\{4E150EAE-8D07-451A-A078-4E323A4AF764}\.cr\net70.exe

"C:\Windows\Temp\{4E150EAE-8D07-451A-A078-4E323A4AF764}\.cr\net70.exe" -burn.clean.room="C:\net70.exe" -burn.filehandle.attached=564 -burn.filehandle.self=684 /q /norestart

C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe

"C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.be\windowsdesktop-runtime-7.0.15-win-x86.exe" -q -burn.elevated BurnPipe.{380B7CA9-56C9-4BE2-898F-461299CFA8C9} {4405BDAE-5868-4357-8105-5F8D4EC49725} 2480

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 18652CAEBC1E3168F1678025D886A06F

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1543EFC4478C7019E3B57AC3835C4B8F

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7649E865ED38FB5D6FF4C948E5C99607

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BBF06DC052BED90DDA8E26975CC2D810

C:\Superify\Update.exe

"C:\Superify\Update.exe"

C:\Superify\Superify App\Superify.exe

"C:\Superify/Superify App/Superify.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa949ecc40,0x7ffa949ecc4c,0x7ffa949ecc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1840 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2196 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3576,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4344 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3320,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3400,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3500 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3388,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4336,i,3003992622632192166,9850093185189005046,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4672 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13236" "-buildid=1721173382" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1721173382 --initial-client-data=0x344,0x320,0x34c,0x348,0x350,0x7ffa862cee38,0x7ffa862cee48,0x7ffa862cee58

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1580 --field-trial-handle=1712,i,16084916602553680965,12419309298155466813,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2152 --field-trial-handle=1712,i,16084916602553680965,12419309298155466813,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2468 --field-trial-handle=1712,i,16084916602553680965,12419309298155466813,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1712,i,16084916602553680965,12419309298155466813,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3500 --field-trial-handle=1712,i,16084916602553680965,12419309298155466813,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1712,i,16084916602553680965,12419309298155466813,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4080 --field-trial-handle=1712,i,16084916602553680965,12419309298155466813,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4492 --field-trial-handle=1712,i,16084916602553680965,12419309298155466813,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1868 --field-trial-handle=1712,i,16084916602553680965,12419309298155466813,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13236" "-buildid=1721173382" "-steamid=76561199557676496" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=1" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1721173382 --initial-client-data=0x344,0x348,0x34c,0x320,0x350,0x7ffa862cee38,0x7ffa862cee48,0x7ffa862cee58

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1644 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2152 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2432 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3472 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4196 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1744 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3956 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4008 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3124 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1772 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1820 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4508 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4044 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=76561199557676496 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1756 --field-trial-handle=1712,i,4888414023952470670,4235536777750065148,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Superify Library\Viscera Cleanup Detail\Viscera Cleanup Detail\Binaries\Win64\UDK.exe

"C:\Superify Library\Viscera Cleanup Detail//Viscera Cleanup Detail/Binaries/Win64/UDK.exe"

C:\Superify Library\Viscera Cleanup Detail\Viscera Cleanup Detail\Binaries\Win64\UDK.exe

"C:\Superify Library\Viscera Cleanup Detail//Viscera Cleanup Detail/Binaries/Win64/UDK.exe"

Network

Country Destination Domain Proto

Files

C:\Windows\Temp\{4E150EAE-8D07-451A-A078-4E323A4AF764}\.cr\net70.exe

C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.ba\wixstdba.dll

C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\.ba\bg.png

C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\dotnet_runtime_7.0.15_win_x86.msi

C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\dotnet_hostfxr_7.0.15_win_x86.msi

C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\windowsdesktop_runtime_7.0.15_win_x86.msi

C:\Windows\Temp\{C695AE90-1548-4596-9418-7E247FB32843}\dotnet_host_7.0.15_win_x86.msi

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20240810181316_000_dotnet_runtime_7.0.15_win_x86.msi.log

C:\Config.Msi\e581c31.rbs

C:\Windows\Installer\MSI25B4.tmp

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20240810181316_001_dotnet_hostfxr_7.0.15_win_x86.msi.log

C:\Config.Msi\e581c36.rbs

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20240810181316_002_dotnet_host_7.0.15_win_x86.msi.log

C:\Program Files (x86)\dotnet\ThirdPartyNotices.txt

C:\Program Files (x86)\dotnet\LICENSE.txt

C:\Config.Msi\e581c3b.rbs

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.15_(x86)_20240810181316_003_windowsdesktop_runtime_7.0.15_win_x86.msi.log

C:\Config.Msi\e581c40.rbs

C:\Superify\Update.exe

C:\Program Files (x86)\dotnet\host\fxr\7.0.15\hostfxr.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\Microsoft.NETCore.App.runtimeconfig.json

C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\Microsoft.WindowsDesktop.App.deps.json

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\Microsoft.NETCore.App.deps.json

C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\Microsoft.WindowsDesktop.App.runtimeconfig.json

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\hostpolicy.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\coreclr.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Private.CoreLib.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\PresentationFramework.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\clrjit.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\System.Xaml.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Private.Uri.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\PresentationCore.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Diagnostics.Debug.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Runtime.InteropServices.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Runtime.Extensions.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\DirectWriteForwarder.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\System.IO.Packaging.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.15\System.Runtime.dll

C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.15\WindowsBase.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\SteamSetup.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\AppData\Local\Temp\nsq3E6A.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Temp\nsq3E6A.tmp\nsProcess.dll

C:\Users\Admin\AppData\Local\Temp\nsq3E6A.tmp\nsExec.dll

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Admin\AppData\Local\Temp\nsq3E6A.tmp\modern-wizard.bmp

C:\Users\Admin\AppData\Local\Temp\nsq3E6A.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsq3E6A.tmp\StdUtils.dll

C:\Users\Admin\AppData\Local\Temp\nsoCC78.tmp\modern-header.bmp

C:\Program Files (x86)\Steam\bin\SteamService.exe

C:\Program Files (x86)\Steam\package\steam_client_win32

C:\Program Files (x86)\Steam\package\tmp\public\steambootstrapper_korean.txt_

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\CURRENT

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5f9786.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5fac95.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5face3.TMP

C:\Program Files (x86)\Steam\config\config.vdf

C:\Program Files (x86)\Steam\userdata\1597410768\7\remote\sharedconfig.vdf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5JNXYEJIN50AL9HN06SU.temp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

MD5 af1509b250f7e95f2f9cc855c8852002
SHA1 e91a35cb4dc4311a844936f255e68ce4bee50b82
SHA256 2a9fc98490e0f4b9f7c1ce35d8692c6bf1e9bb8c7930dbf4c986032e65460aae
SHA512 89ea04437c9c3b2e171c64335a5da6d5bd70368e7809b82e71ff185ec14b7f277dde9626a12ab71e79a8d395e5c5e5c05f56ecfe20deb462708bade1ea405ac8

memory/13236-14015-0x0000000068AC0000-0x0000000069E39000-memory.dmp

C:\Program Files (x86)\Steam\appcache\librarycache\2180100_icon.jpg

MD5 7ecdaf8a54ec52b20640a88527512903
SHA1 3133a4d748ad3be61fe9db759339cd5de73339b5
SHA256 7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c
SHA512 60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

C:\Program Files (x86)\Steam\userdata\1597410768\config\localconfig.vdf.async13236.tmp

MD5 177258c7e6708704541f20a46729e94f
SHA1 e0f48ef943c880e7514867d377e24ef95e7a5bbd
SHA256 28894ca9b942f8c4d6cd95ba574e299fcb34a65b894c0faa9c0f374f215ee4c1
SHA512 5a463895e50d746192d7265784c8ae2f579d2245914f6030dd92afd40756105adc0d9aac361431835c8ba9dfc558c2a4e9dd480389c1b2f41da64416d5aa63fd

C:\Program Files (x86)\Steam\dumps\reports\f8a5754e-a3c2-49d8-b9ef-c44c1465741b.dmp

MD5 68d0fdb35b7dd5905e7c7e300c2d9975
SHA1 ae21544a57a7be9fe62cfe2af8e18016f6509828
SHA256 d2b9453eae097ca05d385b117c7daa1f6fa244c76d21e2384ff02b0491b54bd2
SHA512 fa2ad3f962e05bf43686e0fe4ca1337b96c5b2039150f7fd4b119f5bc258533a7d962d758c7a9d8a915786dac1fd0cc37b6ae0552004a5e1542ff810e314ad36

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 c3435d27bab1f4d10a7595c6a94f875b
SHA1 667c369df33dbc84cbbc06be0fdad3bba076544c
SHA256 dcca5b447824097819b37954507c32fbe4c0b8835531bfa48b7111978f546b2c
SHA512 7c06ed899d868b7311d18ebfd6296b80cc402870d30641b612be2ade357e7e91ee5723455a3120bece7a726b4ecc24347888b5acf04ad53c57d38ca5b6d9f080

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe605383.TMP

MD5 6045e0fdbadd905ccaf32908281c591e
SHA1 434fe7062db748405a51e6b26bc7ac413f359b10
SHA256 704f4df650a9ceeba2ef86567a27b0a10ad6043edaeeced62fd6e1a6e5c2c967
SHA512 e3b8a6c3600c1c36c6d2b9df0fe4bc9cb57b5f766d41c8ef600cef1347390c542a0e33f30972d7d486102f65b75e998cc831abbbdb01c0e0ae2f83d59a9bdb9b

memory/4840-14085-0x000001C073970000-0x000001C073A0E000-memory.dmp

memory/4840-14086-0x000001C073A10000-0x000001C073AE6000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\cefdata\Dictionaries\en-US-10-1.bdic

MD5 4604e676a0a7d18770853919e24ec465
SHA1 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f
SHA256 a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100
SHA512 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

memory/15616-14142-0x000001B657190000-0x000001B657266000-memory.dmp

memory/15616-14141-0x000001B6570F0000-0x000001B65718E000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 4bee8210cce86fd5376d06ca6ca6b108
SHA1 a90b14ffedc6733a578afa1df8006a6c1f9b0474
SHA256 f0398e7ae90032e0b06f8a8b23ffebe1b5da7afb52b530c93f0727c4deb618a6
SHA512 92303ff663b4041b373881e136f5d49c701009d37aa1d6f5d0732655f9ad16d2886b78d79b4a6c193a346262594696ef9e7e17e2882dd299b82fe88b3057df4a

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe6057f8.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 db7be84e743688d1d313f79e2a76a774
SHA1 19a0c771c9e594ae5bd223d5a853863a4c3f53bd
SHA256 9e5c0e39b217c515a2419a1be6c83269dc7dffab1596d24597bda24589ec771d
SHA512 f315779e2f28676a7a67034c8644b5521c477256eb12b17cb976f9b3aa820e00655a14bd3a951e4c777c4b9175e0a3e30a46109693cc0ee3d7f32ce960eadb20

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 d24c827cf91da9e249b38260b78b36c2
SHA1 4ee7b27e6dd31c0f804b335aaa5ec548f86d3b27
SHA256 0d1ae1e4718292c0eecacd883c7bde03367b7f9947973326b620d713e5134890
SHA512 4a79fdb5e445033a0927c3b99ce7d1e3236f1198d75c0f623d5332b2dbcb46b7f85aad6f1d020c1eb1ee5b776548e00be980f9c25ce186ce5e0794a8a8340b03

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 d0620390f6c2e34359c66b4ab24fbae0
SHA1 b0f7faca724fa5e36c3ec539abc99db9591ee0f9
SHA256 b9d65fbf4b144019efac5119464be07b5fd61912a6ad587bb40afdb9523a4c0a
SHA512 032ffe8296bf2710d4aef52a5b1d073eb50de1e659143fc6bdcecd09600c7e62427476b375a2c98aaa2e31937e2a688afc987014e01a2599b0fe7c318d161adf

memory/13236-14222-0x0000000068AC0000-0x0000000069E39000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 b0765a4092355ba79b6925406c7cb09a
SHA1 b739eda55d02d894d58dcb1bb6b78f2f3603bda5
SHA256 cb9921ffc0c757bc5212c8e521dd6c10dd7557e1f92a8aa2e444dbaf2a4227b9
SHA512 2744aad52f35a1cff27352148d9a5da126a87a67c24343ea96feb41bff41ba6a9d5ec34b5ed20734988f17b86412db62e8e6c20befb32feede3a49e0a3b11750

memory/5328-14321-0x0000022BE35F0000-0x0000022BE368E000-memory.dmp

memory/5328-14322-0x0000022BE3690000-0x0000022BE3766000-memory.dmp

memory/5164-14336-0x000001D56D0F0000-0x000001D56D18E000-memory.dmp

memory/5772-14338-0x00000239996B0000-0x000002399974E000-memory.dmp

memory/5164-14337-0x000001D56D190000-0x000001D56D266000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 abb3e0dee8f012debf61e6dac7151a71
SHA1 713ff96a008498b2ac750f32af01612f1d9f3b73
SHA256 f813db22ed08d173038339f9eca8fb499568cc325ee2e78d367ba1a072910d26
SHA512 be84713d26f5a009dcf2092ba0fcfdba5115fa843138a17e9e20d3c036a7474757f761f3fda78a11f87eff50e400850d8dde265f0a040a3b8fced0b571b41a5c

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

MD5 02c4cc6d759709eba3f82adc2fac19dd
SHA1 769074f793e9913f2921582368b86f0b32269d89
SHA256 1109318670f3f0ed4881ef4d85ec2fbb9fec253df4e67259064af2dec0b97e1e
SHA512 cc73116fcf0f6671458a0cf46577f6c6acfdb53ab01db09fccc04df6196d78551e4b03593cfd034ad0950d0abc587173e74bb734ae62f9dac726eaf959b8e919

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

MD5 6dd7b4f9078fdbee117bfb190531988b
SHA1 7a3d0053826d139662daa0268bf2a76e76bd0966
SHA256 81ca7b2ade361aeaf2a53278fd82b145ae30a11653342bcfc943de6aea8a703d
SHA512 9dddf6729c0502580ee77410ff4d69691316f281fbc9cc140362604407950289a7bcd7c16ccadc5a6d51efd1a941142cad1934357fd3d181651b53f1bd59fd8a

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

MD5 029f7cc33ae75fc214f920e50ec8e1ed
SHA1 a9944bb45acaa6ff7481e33d1dae8720e660a0dc
SHA256 7afcb7387ce3e780abf62bbe0fb5746a01f4778d2f05ead46cf1b0380ce7d445
SHA512 e98ca79dc7fe5f16542f5e7d191b87e1081941dc94b39336eb36b5451d8573fb7dd243412af1eb3722c2a7b9147129b9ba2c1487449c27b78f3ce4895eb5c622

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

MD5 6f882cfc18469731fd8ebeca69365f7f
SHA1 78ad386807dbc130b1fbe5e1a97389e1e0e2981a
SHA256 b81ddb468e5604f1b5ddce3c1e15e0298432841752cd6be0c497b05fae7cc346
SHA512 75855a2b09abfab3476fc16b18d996e4a705980a1dc2c4f84688c9b8c7b4c1a6ed0a4dd7f6c57eb28838ba1999012a96253a1288f9445056bb2f7386b2315128

C:\Program Files (x86)\Steam\dumps\reports\661d4f08-d0ff-4ee8-b140-29d6d122326a.dmp

MD5 55b460138a84070346c75a1b24130ad0
SHA1 a5a002aba30384b221d70e3741e2b2c3600aa33d
SHA256 2035ad287e1347a0772159bfee15822263c10dad9072282d9e662361e48a850a
SHA512 047d6618c9ee8074bfb3952df6e67ad5fbcf463b87ea5209a3f3360ede461665189754ce6f8e05dd60d6025e42be499be76bd3060f6c4bdfa858451932cf6611

C:\Program Files (x86)\Steam\dumps\settings.dat

MD5 0e712af6e15eaa38a8aae43394004299
SHA1 6d3e8c334bea5b61799db8bbaf9c054ee9d91427
SHA256 fc78c87c5d0e7a344d57cae074da1e443bdd58b838e0b7595a4d7c3c82fb06e0
SHA512 e40b0a4061a925fdb427e34cf0813e45815f0ad8a19790c3269f6e224b67f3798746690a9ce9d64718841ebcc4e32f9a9d5e7390b246b6e8732eee7b3f8c2317

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 e77eed79ad62c5aca7e4f640fd8e2d83
SHA1 a39c7efafe530b90df816351460ab71eaf6f5912
SHA256 6d5c0bf3f1ca8619b7bd29cf7fc0e162408dc5491150a48fd0f3f082b59d44c7
SHA512 c43f458d2317616d1bc369218b44abb9142ebe49cc205d4f209adda15d80316bd38221f31bbfd94d6db6deae88c2bf14c6cc14225f9561b7caca00d2cc17fa97

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 4370ade8220e7ded0e03ade14fda9a35
SHA1 09211eaeb59b0862520a5cc8c92058a3b73c16b5
SHA256 a0106d1551b5ac267a5cba6eab4dfd4a346793589125d31c5b3c34c9ba6dd5be
SHA512 84456407e2ce9bbb0d396969524f5a03bb14e46c31eb8699450f6eee6dcbcf6e4c59ba84396cf62a188a07a81fc4df8caf48c0a02dff23a0a54e20c1c764b81e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013

MD5 18c76886e533c920a94353734f354d18
SHA1 610291e584653973627974d10d57ea3301514c66
SHA256 5dbd4c9ec5486487f89e7dda9d0fa9b35b4c73e7327c393cdc453b3f9d0785c8
SHA512 35ff640836de0ba31f4646e02a26e473fa9773357055ecd56b5a23d389aaee2babbe43c75e9c033ae48940ae0ef38ae355f28ad39c90bdc6d6682d9f9f4756aa

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000014

MD5 23dccd50c1598cf87c321dd0e788e2e4
SHA1 4697f41531098e96b97de4ca6626fd86621efb1e
SHA256 167b5e3d2fc6a069ef986144f71f70ca1ed8c4332846757c8aa4792703420635
SHA512 00174629a41be7b3d69e0ef03041aab41adae416c39209934b8a9c3923350010ddf01ce8d37cedd6bd57769796b41ee3c18c1b393726988039b556416c20f676

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012

MD5 24fd993f0cf6cdd2f310db84596d1bbc
SHA1 b9ca724fcb3342c58ae026d266a009a73b1f5e31
SHA256 53db01b6f27963566a58cc3bea3ff2f88abda9c16302b9ebfd3c858d77f2d9c2
SHA512 892280df9bb1daa6e443ed684a48f4221a313e54bf300bea00c896d3a2967eadc6f98717b4545c1c956811b8d5403f132bb2b94a5e9aca91088e0f0203630ae4

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00005a

MD5 57613e143ff3dae10f282e84a066de28
SHA1 88756cc8c6db645b5f20aa17b14feefb4411c25f
SHA256 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA512 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 8e6705da4d9fc6f5e69233a0c8ae25df
SHA1 f8865b91c6c518cd5106d80962a51519fd6d9008
SHA256 662e5d28d250d1ce6f5365c1aca0948ab37fe7e96021c4c3adaabab864503e1b
SHA512 3e0e65cf33070d202ff10bd88ee22a4ccf6bee2d8b5bc687921058ee30a6a41adc2d86bea7813b597180728477a0f39af17ca6c58b25f2a327c3c15b4bb872fa

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 a38ba612357bd61fac3e51af3f554589
SHA1 7b9ec28003d2cf504b43e4ceafb49b7b5e07bad2
SHA256 61bc9df74aca19810709db06eebd4b2143014fb7dc290326333288aa101d2260
SHA512 115d81161d31165e95a26049d5dab8f943cd70e34c5d5160448ae64d29ca20b600c06b47597543331ff1173e7166616d8661dcd26575fe1e1fb2a38ff0f4d4ff

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 82c526cd7f7fad6493e9b3a3c7f985a6
SHA1 ba77c6e769df43d4bfc1eb0164135d8e4a1fc366
SHA256 2ea26b2c50cab862719cfa57ef2781b1c4320dea2703d688cf54283b41b0b530
SHA512 bc5e84b7d28df88f66e85ec9e695ab4f7afe3b92cdc156ae426d39ea4e866e70e40657a18729155bb765409086d34de657441f7d3fb86a4141fb5f7ea7f89e8f

C:\Program Files (x86)\Steam\dumps\settings.dat

MD5 50efb8bac938bc1409f96cbe80fcd6a7
SHA1 5926270ba9fa7261facedcb41888b2fd2667baaf
SHA256 526f2d27ad248b2dd294f9ccc27a9f677f269d7cbf6127bad156eaa2c8bb342e
SHA512 b67b0b8dc6b70f5506c453e88eb8b595ef9c3940b6d2caa4d84e6a94948eee4c97f57840fb0a3f9e6e334982df6ee7ceedd9f86ae4263063618c22d4a91d7e54

C:\Program Files (x86)\Steam\dumps\reports\09ff0777-764e-4692-9f8c-8e157c4ab469.dmp

MD5 952c79f9c1bd23fb2027c451a7a945c1
SHA1 c16969a12c6329e20192b2e39c8e2e40c668699c
SHA256 7671e876725f3d538e0f8b7ae7154220e962f361e4688049fb3b098e2835469f
SHA512 6653926f04fbbe36b1958ec55a5ce922683a9b402d0f96269879ada7bacf58c2004519421eef02791a10a4fbe9edbdaa6126b6eddbbe1ef573fb2e5c1d0fd9f0

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 cdb79db95bb2fcc95fcb5648e7e88dac
SHA1 6a683856f145b9d1c68f6b972d6ccf7e494f6d63
SHA256 685379c89bb24a409a9fe34bedc970dcbd6137ef9d5a241a934177414101a72c
SHA512 ef33d472892040e3369a249d04526f82d3358edbe2f15e5f038f78f9312c38b61d9abcbee24261aa764666de0acfdd405c780f9490a4d35b4c63525518601db8

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1504_281795161\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping1504_281795161\manifest.json

MD5 2648d437c53db54b3ebd00e64852687e
SHA1 66cfe157f4c8e17bfda15325abfef40ec6d49608
SHA256 68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806
SHA512 86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 54dee399add566369970004f02eb65f4
SHA1 611ba69beeb3120d5e41c7e1b0e31fac38d8a08b
SHA256 802d1742d411c74fc633928297c08de0920caac07e5e443d5870b771f9722eaf
SHA512 1e137bcfa2cef07dc9fc25a843060b376c9bdc33f5485c9e3f76a328baf58d8d4cd0db2a4f41df8f2b86a27c1f1998845c5cfa6332c185785c226d940cec0a39

C:\Superify Library\Viscera Cleanup Detail\Viscera Cleanup Detail\Binaries\StatsComparison.exe.config

MD5 3981f15e50599b53c104ee8b0a8dbf90
SHA1 0791de9f2be6c612c5f2a6d7c7917caff99d54cb
SHA256 713ca3d9ea93f51fe9f6e55236ad6db09701c7188f58f10d6c4dacff2c4849aa
SHA512 0b0cff1c00d2630def4a4eb81d269044491bd660ae6249c42253968f59d81f82a5efe49a09016cfe459a6ae56aebd309708d78c5d26f0cfaf8936767a8bc4a7a

C:\Superify Library\Viscera Cleanup Detail\Viscera Cleanup Detail\Engine\EditorResources\wxRes\UI_ShowMultiSelectOutline.bmp

MD5 e0123cb7af6089ba2340229bebedf484
SHA1 ed20754f85bf5521bbd11cb46b5f67b37098c557
SHA256 063cf38a54855d609838db28ec37b451f52a40f7c128978eef62fea95f4508f5
SHA512 ea60866b82f90f4baebe2ed4f8eb29976fcc779ad0ba4f14098b97c005a73e7fa2c2e5b3a728f3d932a324801f3a19a17ebf9ab5e035e1779c1df4b437b74036

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPF89A0.tmp

MD5 5d535055443f7f032cd61a7ff432d5db
SHA1 4c6ca436652a26c855cf2b254eeba14ca7973372
SHA256 c2ae9a03e4db3addd8356852a4d54e59e9d5ab2b800047d07d1274a545c7be0a
SHA512 12ab543a957dc34425257c6305b182276a6cebc7cca8fb5c9d429b2e5ac8339cf0b0589eeef080c96d2f79d31889e389a866dfd69338a3c0d73e6bf1482f82ba

C:\Users\Admin\AppData\Roaming\Superify\Superify Games\Viscera Cleanup Detail\installpath.json

MD5 1782e7ab272d7f3f5149a6a6b2e55343
SHA1 b493395eccaa096c3a3c7f160fe8f359f4798d7c
SHA256 078dbfcb07ae703a2c85050c0cef0978785b6cb7b7adf8fe81b07a815e5e0869
SHA512 5d49ea465011bb91559edd16eeae46d10323fb48c102e7d3138dd287c312febcf9d9029caf12a7fceb08108ba752302ee15b24e818617d354f709d3c992bc6a7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPF4E9B.tmp

MD5 e136da28867481cffebbc8947c0eb660
SHA1 c95b23f7991f3741e75271a0697a1936e25f2025
SHA256 048fbb1ff6e48b897e8861f66c8d7c73282892856812a25610247817d2bb6e19
SHA512 35acfcb38a5c53ef2076dcf47f7912d1fb74d616fce62b80c52c99426743ca68d630c2d57cf487a3f63c53214ebf6dbfb7906527a00413cd4e1bfe1af83b2344