Analysis Overview
Threat Level: Likely malicious
The file http://github.com was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Adds Run key to start application
Suspicious use of SetThreadContext
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Opens file in notepad (likely ransom note)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-02 10:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-02 10:30
Reported
2024-11-02 11:16
Platform
win10v2004-20241007-en
Max time kernel
2698s
Max time network
2647s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Checks installed software on the system
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\dll\kernelbase.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\mono-2.0-bdwgc.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\mono-2.0-bdwgc.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\mono-2.0-bdwgc.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\DLL\kernel32.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\DLL\kernel32.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\ntdll.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\kernelbase.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\kernelbase.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\kernel32.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\ntdll.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\ntdll.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4828 set thread context of 5504 | N/A | C:\Program Files (x86)\Steam\bin\x64launcher.exe | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe |
| PID 5504 set thread context of 5692 | N/A | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | C:\Users\Admin\Desktop\Gorilla Tag\UnityCrashHandler64.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_security_fair.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_outlined_button_a_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_down_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0413.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0040.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0426.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0355.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_100_target_0100.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_offlinemessage.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_down_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0415.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\ur.pak_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\vstdlib_s64.dll_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\config\loginusers.vdf | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_right_default.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0150.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_rg_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l2_half_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_down.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\friends\DialogSystemMessage.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\layout\login_dialog.layout_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\el.pak_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0360.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_down.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_button_l_arrow.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l4.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\appcache\librarycache\18010_library_600x900.jpg | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\appcache\librarycache\1070910_library_600x900.jpg | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0020.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_dpad_swipe_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steamvr_action_manifest.json_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_koreana-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_romanian-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\c11.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_r3_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_button_logo_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_y_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_french.html_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\chromehtml.dll_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_060_vehicle_9999.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\ssa\ssa_spanish_bigpicture.html_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\appcache\librarycache\294420_logo.png | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_left.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_r1_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_swipe_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_outlined_button_b_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_rt_soft_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r1_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_right_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_nonsteam.layout_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0160.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_CDKey_MustOwnOtherApp.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\layout\ingamefpsbanner.layout_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_m1_sm-1.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_ring_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_rstick_click_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_click.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rt_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steamui_swedish.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_click.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_right.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_lt_soft_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\dll\kernelbase.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\kernelbase.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\dll\mono-2.0-bdwgc.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\symbols\DLL\kernel32.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\ntdll.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\dll\ntdll.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\ntdll.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\kernelbase.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\mono-2.0-bdwgc.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\symbols\dll\mono-2.0-bdwgc.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\kernel32.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| File opened for modification | C:\Windows\DLL\kernel32.pdb | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\gldriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 000000000200000001000000ffffffff | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 03000000020000000000000001000000ffffffff | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = ffffffff | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\Steam\steam.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files (x86)\Steam\steam.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 313692.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff409346f8,0x7fff40934708,0x7fff40934718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6396 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x4c0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RevokeSkip.css
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7732 /prefetch:8
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=4696" "-buildid=1726604483" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7fff316eee38,0x7fff316eee48,0x7fff316eee58
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1636 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2180 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2176 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x4c0
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1736 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2492 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2932 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3564 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3852 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4272 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4076 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4044 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,16876972697662669419,10642486851595866362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1580 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1900 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe
"C:\Users\Admin\Desktop\Gorilla Tag\Gorilla Tag.exe"
C:\Program Files (x86)\Steam\bin\x64launcher.exe
"C:\Program Files (x86)\Steam\bin\x64launcher.exe" -hproc 10d0 -hthread 5b4 -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer64.dll
C:\Users\Admin\Desktop\Gorilla Tag\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\Gorilla Tag\UnityCrashHandler64.exe" --attach 5504 1550027001856
C:\Program Files (x86)\Steam\steamerrorreporter.exe
C:\Program Files (x86)\Steam\steam
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3204 --field-trial-handle=1724,i,11137735484564940691,18428965358516162555,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 92.123.128.143:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steam.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steam.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| GB | 92.123.128.149:443 | r.bing.com | tcp |
| GB | 92.123.128.149:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 187.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.75:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 23.44.65.46:443 | store.steampowered.com | tcp |
| GB | 23.44.65.46:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 46.65.44.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.fastly.steamstatic.com | udp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | store.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.fastly.steamstatic.com | udp |
| US | 151.101.67.52:443 | cdn.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | cdn.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.fastly.steamstatic.com | udp |
| US | 8.8.8.8:53 | 52.3.101.151.in-addr.arpa | udp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 52.67.101.151.in-addr.arpa | udp |
| GB | 23.44.65.46:443 | store.steampowered.com | tcp |
| GB | 23.44.65.46:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | clan.fastly.steamstatic.com | udp |
| US | 151.101.195.52:443 | clan.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 52.195.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | itch.io | udp |
| US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp |
| US | 45.79.115.66:80 | itch.io | tcp |
| US | 45.79.115.66:80 | itch.io | tcp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 8.8.8.8:53 | 66.115.79.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.itch.io | udp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 104.26.8.198:443 | static.itch.io | tcp |
| US | 8.8.8.8:53 | 198.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 52.131.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.75:80 | r11.o.lencr.org | tcp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.210.23.2.in-addr.arpa | udp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 8.8.8.8:53 | 136.11.19.2.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | img.itch.zone | udp |
| GB | 2.19.252.71:443 | img.itch.zone | tcp |
| GB | 2.19.252.71:443 | img.itch.zone | tcp |
| GB | 2.19.252.71:443 | img.itch.zone | tcp |
| GB | 2.19.252.71:443 | img.itch.zone | tcp |
| GB | 2.19.252.71:443 | img.itch.zone | tcp |
| US | 8.8.8.8:53 | 71.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | emythehamste.itch.io | udp |
| US | 45.79.115.66:443 | emythehamste.itch.io | tcp |
| US | 45.79.115.66:443 | emythehamste.itch.io | tcp |
| US | 45.79.115.66:443 | emythehamste.itch.io | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 86.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com | udp |
| US | 172.66.0.236:443 | itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com | tcp |
| US | 172.66.0.236:443 | itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.0.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.187.193:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.fastly.steamstatic.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.82.234.109:443 | login.steampowered.com | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 134.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkout.steampowered.com | udp |
| US | 8.8.8.8:53 | steam.tv | udp |
| GB | 2.17.5.46:443 | checkout.steampowered.com | tcp |
| GB | 104.83.1.150:443 | steam.tv | tcp |
| US | 8.8.8.8:53 | 46.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.1.83.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.fastly.steamstatic.com | udp |
| US | 151.101.131.52:443 | avatars.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 45.79.115.66:443 | emythehamste.itch.io | tcp |
| US | 45.79.115.66:443 | emythehamste.itch.io | tcp |
| US | 8.8.8.8:53 | img.itch.zone | udp |
| US | 8.8.8.8:53 | raulthatdev.itch.io | udp |
| GB | 2.19.252.71:443 | img.itch.zone | tcp |
| US | 45.79.115.66:443 | raulthatdev.itch.io | tcp |
| US | 45.79.115.66:443 | raulthatdev.itch.io | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 45.79.115.66:443 | raulthatdev.itch.io | tcp |
| US | 45.79.115.66:443 | raulthatdev.itch.io | tcp |
| US | 45.79.115.66:443 | raulthatdev.itch.io | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | test.steampowered.com | udp |
| GB | 2.19.252.72:80 | test.steampowered.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | 72.252.19.2.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:49425 | tcp | |
| N/A | 127.0.0.1:49413 | tcp | |
| US | 8.8.8.8:53 | ext4-tyo3.steamserver.net | udp |
| JP | 45.121.184.23:27030 | ext4-tyo3.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-tyo3.steamserver.net | udp |
| JP | 45.121.184.21:27029 | ext2-tyo3.steamserver.net | tcp |
| JP | 45.121.184.21:443 | ext2-tyo3.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-hkg1.steamserver.net | udp |
| HK | 103.28.54.100:27020 | cmp1-hkg1.steamserver.net | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| GB | 2.23.210.82:80 | e6.o.lencr.org | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | cmp3-hkg1.steamserver.net | udp |
| HK | 103.28.54.102:27018 | cmp3-hkg1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-sgp1.steamserver.net | udp |
| HK | 103.28.54.102:443 | cmp3-hkg1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 23.184.121.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.54.28.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.184.121.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| SG | 103.10.124.4:27020 | cmp1-sgp1.steamserver.net | tcp |
| SG | 103.10.124.4:27019 | cmp1-sgp1.steamserver.net | tcp |
| N/A | 127.0.0.1:49425 | tcp | |
| N/A | 127.0.0.1:49413 | tcp | |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 2.23.210.82:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 4.124.10.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cmp2-sgp1.steamserver.net | udp |
| US | 8.8.8.8:53 | cmp2-lax1.steamserver.net | udp |
| SG | 103.10.124.5:443 | cmp2-sgp1.steamserver.net | tcp |
| US | 162.254.195.75:27018 | cmp2-lax1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-seo1.steamserver.net | udp |
| KR | 146.66.152.53:27020 | cmp2-seo1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-sea1.steamserver.net | udp |
| US | 205.196.6.133:27018 | cmp2-sea1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 102.54.28.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.124.10.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.195.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.6.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.152.66.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-sea1.discovery.steamserver.net | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| GB | 74.125.105.39:443 | udp | |
| US | 8.8.8.8:53 | 39.105.125.74.in-addr.arpa | udp |
| N/A | 10.127.255.255:27036 | udp | |
| US | 8.8.8.8:53 | clientconfig.akamai.steamstatic.com | udp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 199.252.19.2.in-addr.arpa | udp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 8.8.8.8:53 | steamstore-a.akamaihd.net | udp |
| US | 151.101.195.52:443 | shared.steamstatic.com | tcp |
| GB | 2.19.252.81:443 | steamstore-a.akamaihd.net | tcp |
| US | 151.101.195.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| GB | 2.19.252.81:443 | steamstore-a.akamaihd.net | tcp |
| GB | 2.19.252.81:443 | steamstore-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 81.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.75:80 | r11.o.lencr.org | tcp |
| GB | 2.19.252.71:443 | img.itch.zone | tcp |
| GB | 2.23.205.133:443 | tcp | |
| GB | 2.23.205.133:443 | tcp | |
| GB | 2.23.205.133:443 | tcp | |
| US | 8.8.8.8:53 | 133.205.23.2.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.201.99:443 | tcp | |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| N/A | 127.0.0.1:27060 | tcp | |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 151.101.3.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| GB | 2.23.205.133:443 | tcp | |
| US | 8.8.8.8:53 | p2p-sea1.discovery.steamserver.net | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| GB | 92.123.128.132:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 132.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamstore-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| GB | 2.19.252.95:443 | steamstore-a.akamaihd.net | tcp |
| GB | 2.19.252.95:443 | steamstore-a.akamaihd.net | tcp |
| GB | 2.19.252.95:443 | steamstore-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | 95.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.190:443 | r.bing.com | tcp |
| GB | 92.123.128.132:443 | th.bing.com | tcp |
| GB | 92.123.128.132:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | 190.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | testfamilysafety.bing.com | udp |
| US | 204.79.197.201:443 | testfamilysafety.bing.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| GB | 216.58.201.99:443 | udp | |
| US | 8.8.8.8:53 | steamcloud-dub.s3.dualstack.eu-west-1.amazonaws.com | udp |
| IE | 52.92.33.234:443 | steamcloud-dub.s3.dualstack.eu-west-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 234.33.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| NL | 18.239.62.218:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 218.62.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.66.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client-update.steamstatic.com | udp |
| US | 151.101.195.52:443 | client-update.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | p2p-sea1.discovery.steamserver.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crash.steampowered.com | udp |
| US | 208.64.203.140:443 | crash.steampowered.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 140.203.64.208.in-addr.arpa | udp |
| GB | 92.123.128.190:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| GB | 92.123.128.139:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 139.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 443a627d539ca4eab732bad0cbe7332b |
| SHA1 | 86b18b906a1acd2a22f4b2c78ac3564c394a9569 |
| SHA256 | 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9 |
| SHA512 | 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d |
\??\pipe\LOCAL\crashpad_4724_SDTMJQFIKUYYXHTJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 99afa4934d1e3c56bbce114b356e8a99 |
| SHA1 | 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581 |
| SHA256 | 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8 |
| SHA512 | 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5d6a325a9c320ed7bbd820a4efb9b496 |
| SHA1 | 525bb4074bafaad483145e53c058a620ad141330 |
| SHA256 | af848f3875e97dd040477f5566f776ab071d2cd57023b145e4fc45732fabeb5a |
| SHA512 | 53e508941af2dd8b7276d98ca6a71fa1e315388a3a96d0dde3b717a1dd170915d6caba22a142098b7794d5dd1094b2c5ab685a5a558a3fc721fce8dff7817f77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1cdbfd549904de8a20a0e175825496ef |
| SHA1 | bef0266b82837e76345d329dfdf2001bcc7515ea |
| SHA256 | 288dd888c27a22965d0238eccb6ff5039fd936567c11d559105af29fe0bd1f9d |
| SHA512 | ffab1769df4893aa9357cc3e9758ac186e3e771ab7cd6e2c8b1835769ff697628e0cd6e9e29202233054b6d59ac56cc4ec344aacd48693c56d3a8de9d9e27f4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a2516c411d2189cacc010cd7a1434409 |
| SHA1 | 812ce89371507cb9b7462da6b91437bb07e2b3ab |
| SHA256 | ecccc57620834e85a696c8d9694dd559acda04440e01ee52d0909ae8fd257be6 |
| SHA512 | 1e10f8afcf43e53004309ec21514a26f851a8808b9c67e10c8b39dec2798ff36f24fee469340de37a9f2086d2f08817bcbc901f7b5e2848bbee896813a34011b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 695e65b2f8657e54e1bd6949d83eff46 |
| SHA1 | 29c28b4503c2559beb81d5023e6db312658633df |
| SHA256 | 31668d7ec9fe6b84148a1699be61914408065376a773f324fe888688e7e5e199 |
| SHA512 | 28f4a74d9253fb395d40bd2effca40b60559ecb5b102ddae8a053adf8b5a164adb26a03a43c09ef31f901035361c0ed6c7dedb78b5d690f63bca50151dde0818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1dc70ad9d34206a89fe487d3b0ff0e13 |
| SHA1 | cd12abf101ef7d3ed07e39c4886fc0fb1bb9d1f7 |
| SHA256 | 4464586bae8071505adb3b2db72b14ca3cfcce125fe9a37df705d47896760c30 |
| SHA512 | 62ad6c045bc64f7987aa98f1f7b7d62a49b3f90c5ba618456b93c88baf507823f8df38307c6f4f00c6b97df1658d7e409792a34548e79eb86ec44e74b9afa70d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5889bd.TMP
| MD5 | 7263d447d84d35547afc37d10614bb0a |
| SHA1 | 1476bf6224100b875fb177fd877d5bcc4107c482 |
| SHA256 | 86b9cefa40642b3493c314f059ed784a446543376190669fc49b14bd7ba51e52 |
| SHA512 | 36af7b5d44640ecac66e36ceadb2b2525042f119fe35b2643f4ec15dabaf736c53752bd7f8f0cc76132b258a3c899d080d2c9d521199c6d293583ed8044232de |
C:\Users\Admin\Downloads\Unconfirmed 313692.crdownload
| MD5 | 1b54b70beef8eb240db31718e8f7eb5d |
| SHA1 | da5995070737ec655824c92622333c489eb6bce4 |
| SHA256 | 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb |
| SHA512 | fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49000565e57edf5f3016993705a14bd9 |
| SHA1 | b3fdafe61ec7bd0e910d17067524658af13bab54 |
| SHA256 | ec105e49958d77bb0b8a8a2bdd60275b54ffe01040d1e859f0590a5d729accee |
| SHA512 | fe84a8a56057a16aa3e20e2b4850191366796fe46b6ed5e503cbb8d6f24481e48d35d4dd04551073f2d90abeee4e5ed6a4896154ae3d25836cf7e77fb9d8c4b4 |
C:\Users\Admin\AppData\Local\Temp\nspC39B.tmp\System.dll
| MD5 | a36fbe922ffac9cd85a845d7a813f391 |
| SHA1 | f656a613a723cc1b449034d73551b4fcdf0dcf1a |
| SHA256 | fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0 |
| SHA512 | 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b |
C:\Users\Admin\AppData\Local\Temp\nspC39B.tmp\nsDialogs.dll
| MD5 | 4e5bc4458afa770636f2806ee0a1e999 |
| SHA1 | 76dcc64af867526f776ab9225e7f4fe076487765 |
| SHA256 | 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0 |
| SHA512 | b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 12ce7b6d6f552599cba8ef6e0fe7586d |
| SHA1 | 0071f540304318d18b62937f17d5c61372108fb2 |
| SHA256 | a13d6a1413e824fb3122cf1b04be1b2f3e6885f7ec040a3d396682ba4e9bc344 |
| SHA512 | 4a3e5a201eff634571b56fea6c53ebde2fce070736968915605883ee4d207da476c50f75ad771badf38a43ec217355a6e5ff0f6b1dd9792896b4589676e12ea0 |
C:\Users\Admin\AppData\Local\Temp\nspC39B.tmp\nsProcess.dll
| MD5 | 08072dc900ca0626e8c079b2c5bcfcf3 |
| SHA1 | 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37 |
| SHA256 | bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8 |
| SHA512 | 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8b55cfef8d1bcab4452b41a40ef91d23 |
| SHA1 | accae6a63743eeac10c6469ec6cea0ad2255e0f3 |
| SHA256 | 84a40c3b628c255ca1f6ed73559c9d5f21ca7da305cbf305aa0685df448d6ded |
| SHA512 | d824542ed6b0a5206eb4310b8785d8cd907104f12be9ba2ff08255bfeec26dae42e0852a372cf38ecd0c6adb9cb638293804114873a83186e02388feda930b5d |
C:\Program Files (x86)\Steam\Steam.exe
| MD5 | 33bcb1c8975a4063a134a72803e0ca16 |
| SHA1 | ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65 |
| SHA256 | 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1 |
| SHA512 | 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49 |
C:\Users\Admin\AppData\Local\Temp\nspC39B.tmp\nsExec.dll
| MD5 | 2095af18c696968208315d4328a2b7fe |
| SHA1 | b1b0e70c03724b2941e92c5098cc1fc0f2b51568 |
| SHA256 | 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226 |
| SHA512 | 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5 |
C:\Program Files (x86)\Steam\bin\SteamService.exe
| MD5 | ba0ea9249da4ab8f62432617489ae5a6 |
| SHA1 | d8873c5dcb6e128c39cf0c423b502821343659a7 |
| SHA256 | ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d |
| SHA512 | 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b |
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt
| MD5 | eb8926608c5933f05a3f0090e551b15d |
| SHA1 | a1012904d440c0e74dad336eac8793ac110f78f8 |
| SHA256 | 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04 |
| SHA512 | 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a |
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt
| MD5 | 9b0b0e82f753cc115d87c7199885ad1b |
| SHA1 | 5743a4ab58684c1f154f84895d87f000b4e98021 |
| SHA256 | 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32 |
| SHA512 | b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df |
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt
| MD5 | 58e0fcbee3cca4ef61b97928cfe89535 |
| SHA1 | 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b |
| SHA256 | c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425 |
| SHA512 | 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2 |
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt
| MD5 | 7913f3f33839e3af9e10455df69866c2 |
| SHA1 | 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25 |
| SHA256 | 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c |
| SHA512 | 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804 |
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt
| MD5 | 202b825d0ef72096b82db255c4e747fa |
| SHA1 | 3a3265e5bbaa1d1b774195a3858f29cea75c9e75 |
| SHA256 | 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314 |
| SHA512 | e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566 |
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt
| MD5 | 7e1d15fc9ba66a868c5c6cb1c2822f83 |
| SHA1 | bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7 |
| SHA256 | fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265 |
| SHA512 | 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406 |
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt
| MD5 | 8958371646901eac40807eeb2f346382 |
| SHA1 | 55fb07b48a3e354f7556d7edb75144635a850903 |
| SHA256 | b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585 |
| SHA512 | 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554 |
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt
| MD5 | 1514d082b672b372cdfb8dd85c3437f1 |
| SHA1 | 336a01192edb76ae6501d6974b3b6f0c05ea223a |
| SHA256 | 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4 |
| SHA512 | 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55 |
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt
| MD5 | 18aaaf5ffcdd21b1b34291e812d83063 |
| SHA1 | aa9c7ae8d51e947582db493f0fd1d9941880429f |
| SHA256 | 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5 |
| SHA512 | 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154 |
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt
| MD5 | 189ba063d1481528cbd6e0c4afc3abaa |
| SHA1 | 40bdd169fcc59928c69eea74fd7e057096b33092 |
| SHA256 | c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695 |
| SHA512 | ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903 |
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt
| MD5 | 5c026fd6072a7c5cf31c75818cddedec |
| SHA1 | 341aa1df1d034e6f0a7dff88d37c9f11a716cae6 |
| SHA256 | 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382 |
| SHA512 | f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12 |
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt
| MD5 | 10c429eb58b4274af6b6ef08f376d46c |
| SHA1 | af1e049ddb9f875c609b0f9a38651fc1867b50d3 |
| SHA256 | a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13 |
| SHA512 | d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46 |
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt
| MD5 | 9e62fc923c65bfc3f40aaf6ec4fd1010 |
| SHA1 | 8f76faff18bd64696683c2a7a04d16aac1ef7e61 |
| SHA256 | 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7 |
| SHA512 | c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035 |
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
| MD5 | da6cd2483ad8a21e8356e63d036df55b |
| SHA1 | 0e808a400facec559e6fbab960a7bdfaab4c6b04 |
| SHA256 | ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6 |
| SHA512 | 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925 |
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt
| MD5 | 31a29061e51e245f74bb26d103c666ad |
| SHA1 | 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc |
| SHA256 | 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192 |
| SHA512 | f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8 |
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt
| MD5 | 03b664bd98485425c21cdf83bc358703 |
| SHA1 | 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb |
| SHA256 | fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115 |
| SHA512 | 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d |
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt
| MD5 | 2158881817b9163bf0fd4724d549aed4 |
| SHA1 | c500f2e8f47a11129114ee4f19524aee8fecc502 |
| SHA256 | 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7 |
| SHA512 | f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28 |
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt
| MD5 | 4c81277a127e3d65fb5065f518ffe9c2 |
| SHA1 | 253264b9b56e5bac0714d5be6cade09ae74c2a3a |
| SHA256 | 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9 |
| SHA512 | be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a |
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt
| MD5 | 0340d1a0bbdb8f3017d2326f4e351e0a |
| SHA1 | 90d078e9f732794db5b0ffeb781a1f2ed2966139 |
| SHA256 | 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544 |
| SHA512 | 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93 |
C:\Users\Admin\AppData\Local\Temp\nspC39B.tmp\modern-wizard.bmp
| MD5 | 3614a4be6b610f1daf6c801574f161fe |
| SHA1 | 6edee98c0084a94caa1fe0124b4c19f42b4e7de6 |
| SHA256 | 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b |
| SHA512 | 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e7b86d013291aed6dd5c79594bbf0668 |
| SHA1 | d1f1b1f09c4f5c74dcbad619bcf43d68390c0ce1 |
| SHA256 | d034fbb64ac2c189ce18606fa7515d8d1ad80c7b2af84bca6f89055720d60587 |
| SHA512 | bbbed41686585f531f892c9b97260363f939d7464505aac8a29900da58af6c166e95acf6799fab87ea07d41970ac1b2298b5efc4fef76bf4baeea3a440ffa92d |
C:\Users\Admin\AppData\Local\Temp\nspC39B.tmp\StdUtils.dll
| MD5 | db11ab4828b429a987e7682e495c1810 |
| SHA1 | 29c2c2069c4975c90789dc6d3677b4b650196561 |
| SHA256 | c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376 |
| SHA512 | 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a5756327d226b7a6c2ddead4f242dc43 |
| SHA1 | 03f73538b29a2db555d8888ec3a9c98ed90ab59b |
| SHA256 | b7d0e363b5bcc10bba549d502ac7879f8f7cd1465a479a88e40644b5b1150c1c |
| SHA512 | 9895a93a2c87426a9dbf52ab31e6094bb156391bc5ff883480a3fe871c9a63677bb9a63e86a2d19f1694605e15b1946cf198698f7c75eccaffa8a202fc9228ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2
| MD5 | 3f398756974122a85cfda842b6fccd43 |
| SHA1 | c086ed57892dcc7d522657db5c97fd7650cfe92a |
| SHA256 | da1bafe4c4ec4d9f99e7fa23b1677978b512f7eb1c2d19ed4c08bc44c3ac65d1 |
| SHA512 | 0bf2d3434bd5265919cca51b79c1b61103eb6fba07f5e53838a95cf2071e3394288e5bd1e2f7d596e0a83ab87f4e50bb83e2d02316b7debbc46e69486c131ebf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 14c32e8c86bdd5e3dea0ccbc07a1bacc |
| SHA1 | 4bc86f1fe70db6f10072a8ee113f8625c326389e |
| SHA256 | 395240c7cbc43295a8ef99ab44446ea5c340307d520ec6e31c508dd1a5e1ea16 |
| SHA512 | 86097185a18893de90d816df2bd42f2e3b46583b2ed9df41e97622bdbc48becd890543131f4483141ac43badeb26593e65fe2eedc977c4e75cb912c276192da6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9b8a1c8f8dac1b2f161031475346a1dc |
| SHA1 | fb65088f0f1071579e90da61cc168afad5c4f959 |
| SHA256 | bee2788f21081bd2066ed3a9ab1742d4cea18897559a6ee385db71ccb0f3e27a |
| SHA512 | 18139e5baec616f8b9e96cf05fd3fd72c83fd4a27dedfd58525780ef136a800f73fd4847a44c7c0b9b43d9dbaa50495ca56ca77afcef554e868d02328d23b91d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098
| MD5 | 98eaf699f517ff88bb2f595bddb2c5d8 |
| SHA1 | eae1d3e4c6e6a8f9636c0efb0a04ecbabe8b63ca |
| SHA256 | 7aa34824dbe8dbfd8011576a365dcd057127406d61702634d69f0240325cc582 |
| SHA512 | 7d9623ca066012a200a01bf48e0617fcfb35cad0efff091bc3b7931e98b72b95df66205cfa904ae9b84d92c9fcea421b366d9ef3023c023488cdabf91b5ef8c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 89479c92d1a0c6851f118cd9e93a8bb3 |
| SHA1 | 0edbe400ffd89dc176d93903d39ea44b5a135341 |
| SHA256 | 7a84e4a4a4adc58eab1eaee15ec87d51e2352ec18d7d5729a84368131147ee98 |
| SHA512 | 8af171eb21fb23ebd3b5f4cbfaeab9f4f228d9091592cc116d257d0441fbe94ba7150cabb43fa0a29e1c57e32e24e91b95565550fe62bfd44b6be27fcbf555dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f061da99298f1ced655f29fb281f0f0c |
| SHA1 | 114483a15d4b9c60bdb9bbcd35d6cc5c0dfae79c |
| SHA256 | 21c168f496575f41188518859039a71db8b065671553b9cb04d8b2cf06ff1bb3 |
| SHA512 | 29b5144a46c81202d4c003a1b37ddde3644985643f25b45355e8c82cbd63a15337579e1c12634e36714340461bb0141e47a07465d08b7e5778967c79d93160f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d01b2f5aad174013a5b27cceca00ed77 |
| SHA1 | 0b33837ad459e29572b0b444f162073c2771bd5f |
| SHA256 | f2a521ee6f39f5dfd852b4c718e03ca35dcb3e80b63601101db35ee94c3f2901 |
| SHA512 | 9fc7bf283c2eee8711ed866ea0ac94cd71f73b0439abf6f7222b41ca406bee5e0841a4becfc23377e71bc78c175ee5ecc707110ada2290780475520ee498eb68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | faa38bb1a58582156e22bece492bae58 |
| SHA1 | d2aee69ad25c9081d856be8dad9c2b00b1f75a61 |
| SHA256 | 254abbdd640dae50c4b60f50facad5d31fa06e99e85699810f4ebe68853a6dad |
| SHA512 | 7cf6bd3643e9aaef43a690a411c01029e52c576dbac60bda95ce19a5374e99c42797f9166a30de65c32ecf5bb1cc61590e49bd0a7032a1d3830141b440bf8921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
| MD5 | 9fa060a599b0ee1912f2073ed59df3c8 |
| SHA1 | eaaeef616747d09506c6ed1d96901d2c8d1ad4e0 |
| SHA256 | 7924474a8f327264982347dc932997ed49890ea4114925024ba678fba2d4e90c |
| SHA512 | 93837c0d1bf848ff603073bce6ac252f770a35fad094b294609682e11b04b463292c74c8440891e89741f28fa67a888ed6fdc1575fda99a3c2b6065ccc4e7b47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
| MD5 | 0de1096411b23f842fc5b77e1a8f583b |
| SHA1 | b925a681867ac101b8441bf6a529d6ac1e3c8acb |
| SHA256 | 082e648875ab240bcb7d0120319d7ba61addfa99de84ccfde03d2f81bdda9929 |
| SHA512 | 282e1fa329824a9383601dc81d5ee4301a4e301e7ab3fb129b106eaaac972a68287d12cf691a967c547a2b5111a372d62794482d8895275ed7a5dc216a852e5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
| MD5 | 4432ba6759218c592d12ea3054b8f9f3 |
| SHA1 | 67b1acd1aceb6162e88f2dea0c2fa327c7a6e741 |
| SHA256 | c9297f0ff7cfe9f8a788d5d283a548dcfac9d7ee0c914882e993dd7732b08a80 |
| SHA512 | ecb956ee95847206a9e11db82bed59fedc03ce35e4f75f05539af1c38591fb99a478eedec89ea1364ac3d0a655cf1441de7a6b9c3ad01b86a5d8e7383b811e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
| MD5 | f222656f7796794674f732c474a033ac |
| SHA1 | cea879731968ace9befe205c55679924f033464e |
| SHA256 | 2d9259afe79e20ac65865133ee69f28563201da61bbd8142cd964fd0097170d5 |
| SHA512 | 9a2b31a325d8030a2aa6b5a932a8c56476a7bf995ac61d419e81477a0c7ecf5e92d5d4884a3d3fd9a67bd33dc619665d5e3bc05c3784c3bc51333abe4332b449 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a
| MD5 | 014b64daafac87d3c272ee90cf4c0c91 |
| SHA1 | 024faf708d06a7a19160a4c84e2dfb2c24bf31c7 |
| SHA256 | dbc476098874ee29be20462f7d264acd043d7b8b0f64ecb803727040d87021f2 |
| SHA512 | d4492304f499bfa09acb5704007467f1239e90620ff44d92865d371770ea57b8a9690ffac7ca6325e447ba9598093bd5fe4707130983d3f27283c75b73581728 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070
| MD5 | 4d9ecc70dde56858a3451017cd7fd8d9 |
| SHA1 | 88189cff695c454384884888ea46d9c11060c811 |
| SHA256 | e10acc2425b736f904ca0ec762a77b516ce7cea7391354841199e55750eee287 |
| SHA512 | dccdf161353e3fbd904b63f646ebf616e9eb977d23933575a307336aed6bb044902e11dc5990aa217f7b8cc16e190a968fc9077fe74f335c195c72de46c6f60c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f
| MD5 | a6eaca3d13b525eec27a4f59c22974b8 |
| SHA1 | c909f597a525aa56814bb4ff588aeb0f524e2a31 |
| SHA256 | 04809f33e8a8a6115c55ac60613373f93cd043a1a18bb708a126f9fd56586430 |
| SHA512 | 6c75c50044b36ad6334b89178524cd8b153d2bb5514d1312cd315a759b32db3154b5b0f6ac75e688dbf7d384de362efc2e825f512f615fdec3d9d3f2401a47d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073
| MD5 | 757750902210ff3c0d12dee4dc5165c6 |
| SHA1 | a3599ca4bd5da9fb9c83e26813ef62327c541566 |
| SHA256 | 72ff7d67ddc7bd23885cbba07f3889be27b50cb597ba41fd546343416676ba67 |
| SHA512 | ef5cb66e561d5f208a872c65b6732bdaa082d421f9815c8a5a439d5e749890e032c2309c1d7ec66d93d1f897941bb5e2c5f860fd9cf8e13adfbf1ab60aeca27b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c8c2df4f5f135a81755e7b76f28cc5f7 |
| SHA1 | a8984a5f97db658af1178928aba309889c4c6d7b |
| SHA256 | fc084eb8ffcae2b38f7de7540405d958cba7386954ea6ebbbf6e8205c60225fe |
| SHA512 | 1b6c6c50fc0a9d4fb3064b01427dbd7ae049029ad5c103b65d87ac1cff801274ef04c5472bb8e5f216fe13c525d10d81da257869cadbf51877f5f99ee0533152 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7de371b1c97558fdb2e66ced89d36d49 |
| SHA1 | 65ec1439e3b4e6972f00a57d8dedd3833b6afee7 |
| SHA256 | f38f59bb01db5202df95cdbb449b5c73fcdf7315ad58564d4634ca0895153772 |
| SHA512 | 5936ccfcc3342ba88397b034b3c1cdd78db7a20ef1bfb58cfd9c768fd4cd2c3732d3e203ee120cf116dd94ddcab99e405e825c867d777535e04ed933b965cf65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | babe6cae965661bbfe2483ac9499a098 |
| SHA1 | 4f811e13f535ad47b68ab6c504c8622f552da5c1 |
| SHA256 | d8f37bcb8cd6d2448947f2115e173263a020b3fc43615046365261c238949cf7 |
| SHA512 | fa5ea82d6da8c10223e06e127b74047913994dd9f723326e233a98226c97785b7f3673d722864a02c4f60b4afa611397656af40a06b534c3cf350ec77a878f81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 27214d1e22758e0b85724e867ffa9667 |
| SHA1 | a121b9d0faaf2f37faa104afea1aa1e1c349e9fc |
| SHA256 | b3a48c815870352da0780cd2a313390a819c243f32d92330c748d54c1d8f78f3 |
| SHA512 | b66ac7547a96e32ff1e16f6784923d6468207559f2fdb5ffdcb4ea3c767cd622af4f6136938acec5b54d942b79f64879ece811e51b24a364813cddb0d4636950 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f1d6399796dd5a1b494d4524ffbec3db |
| SHA1 | 70f2c23d083f9630ad02af35446e4f188b888bd5 |
| SHA256 | 9dfc231d189dde50f19b22a8ed4b8d1a2e36d514b3c32191d12c074398c7a898 |
| SHA512 | 53367d7a0e70ce8c75f23d409055c37ac493fe80bccd8aa488f2d57027e252c497106297f56fa7952b9b80de83f6c7d7aaa41859c57895505c2f3eca05852c87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ad1092669e69c7dd45c9f2d8051312d9 |
| SHA1 | c90375868118095fc2dca3b01ee21337cfd14c04 |
| SHA256 | 73f35c94273ed5011889aecf34db9d3ad06c2a6bf98f69c0bfd11e04787ef855 |
| SHA512 | 8259195f1cfda8e1a412e4a4ac84189e21e5d3c401161a8c97c20f48390dab0ddc3fe88e7d98878873ba78bd76a74dc8c1d4865895c5cf3dfe8154b6c123ecb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 93f6baf110b8a833e3ec33ac66862e49 |
| SHA1 | 7fbbb39f6c2969f106a19da94a60e5d68f6b158f |
| SHA256 | 67ddb31b3497123d18edc60a9464724a3c2f5f4ab31427749d3d17fb62937693 |
| SHA512 | dd91baff4bd9994f8fffb2f5c72f6ff8daa028bf7f28b73c1b30c39f29dd9700a1c6e17d8759eacc49bbd465882e55a3945fda582bbf1a485a115f147882171e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e06ffa1dbacf37c9d5920fc37bdfed9b |
| SHA1 | be246c49a0c52749dc6a6f125f78d248f6c8d6ba |
| SHA256 | b98f5483abb4dac3fcdc1a9d1649e9897bd2c6bc23d01e2ff41458c5601bdb8d |
| SHA512 | 13a812413e3700c9764413028d79d09e593b27c46f1af14287bb81a9a0d2ee43e9cf46a4efe49c4f246767d5f215c7ee814b2b85dea24dd68bc45d348df45a44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5217df901e72da1df28b8611cd031033 |
| SHA1 | 570e2a5ae45a7f7f6998525ded736a71617bbc8f |
| SHA256 | a32fcdcf76bc6d762453c9ca1419b85ad4de86ff92fcc146b63b08b4af87fd51 |
| SHA512 | c3238d0be36800cda0329be6992824a4dad7838e27923e71ddad8edfafbadfbb9dfd024bb52eee02e5d19c5439542a99dadec8d2f5fd5f261210179a85e9eb6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 863d317cc4763977604aeb5acfd66f49 |
| SHA1 | b7ba4b932d6f5bf1e8a2638ed5702dc7f4a61d32 |
| SHA256 | 13c50dd2c25b57d15b2d60172e4edfbfead8789a45562a297a137b194ab1df7b |
| SHA512 | ab912687fb5afeddf9e1786f907d245ab9a553f472e705fda614d206fa6face8147c308dd2031f52ee3c5de366a19d130e6c6315bb99e3b8261553b22ad473fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fc8fbc53d99fcd7a1ffaaf2fd48b697c |
| SHA1 | 50d96a82a8fa689baedd2ef31ee85a377a30bdd9 |
| SHA256 | 39e81f1347e6a858867dd16e6211ed5a258419d60a4dfc5c50b644839ffdb367 |
| SHA512 | 04ba02ceb035efcacd6e916d29ca2468b72dcdc54fa2f1c15a2448086fa09ab7ac6e5c694487d7be22accc3c787644a62a6676cbc069a38cd6a49e0340f3130b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3
| MD5 | 22429e0c7c71b071b510ed9a6329331c |
| SHA1 | f0a6336f4bfb5df113a8a3c820d76d55d815b73f |
| SHA256 | 2db439cd553d2e2c0faa7cd6e2f0fac7120de1d52153c0b9ed298498f3dbd3e1 |
| SHA512 | f49ae1bb9c3480a1b6e373caae4a52da2e853cd0ab379d3a50f75f47fa1d84d337003a834015f97bd42dfdab5422ed0e8d2f56e45c76e9bf5601d8c4ea26f81f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b
| MD5 | 790c81db9bf945fc2a3a3912c2a5b6ae |
| SHA1 | bcaeed70f5e969e369dd2303df53da089a81bb8b |
| SHA256 | 5dd15e15b2c3f3537c06e593e5700225dd28f13678e9649866c7d3c477efaba4 |
| SHA512 | 7693db525ca06118bc1907e9962ba691f1973bf5639986cb303c03894440dfb9252a2e9633d5bfff58905f8b0fd9dd63d75b48991412ccc4f0277127a08365d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1
| MD5 | cae0a3bff6c55245d9c41f31ffb59d80 |
| SHA1 | ebd40dab223720af9a3f7f6fd8a1d979a50ffa92 |
| SHA256 | 0373c3d6ccd255a22794c4d134d7072a5eec32cd132571889538389959075abe |
| SHA512 | f0fd812b0c5db1655a224729c1d2f8bca5dbd797f333ddeb4c8779a0c7db7e142f02bbbb209971ba324613bd6c467f2dde4f940c246236752cf47e9c53fc73e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0
| MD5 | 365139c81098a7d1a09be5ad35636cc9 |
| SHA1 | 1ea3cc8cd2e4af315129ad24f4788e7b5ae48b74 |
| SHA256 | a8afb3784cafc474c077c92a5e640ad01bb8b8ddfec1db4908e9291fa3d48ba1 |
| SHA512 | 1934dff330d81f0b576522350f655bfcfb10d4dea9b23b4a0c7581ade4044d7c8a81e62caf5c3ab1009fc1bf99d083ddfdd2c1a17f748a1566320868db1516eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f
| MD5 | 8edeb5a220fe2ebde6e724ec46a47b01 |
| SHA1 | 4cda11549a4866dda172d7e9eda415ce3f84fa3c |
| SHA256 | 25426e5097ffb53fe93f88b9e6fd457aece2c01ae06c9cc02aa6d0f59e04b7a3 |
| SHA512 | 279187e4788378c7b27a7d606293622be31423a76a749d9ae03c2b359b91482f937c466b1288545f8d2251b8df306ada2c30ba5d1d186b63946aa42327000118 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d
| MD5 | 258e004ecafda290f6007fbfcbefeac5 |
| SHA1 | ceb03d36597c7f77e68b4c85dc659678cebce4ac |
| SHA256 | 745bbee63267b68f0c10253ab0cb56e8e706ce1ad401e37ec0f198f0772211e8 |
| SHA512 | 4af726fdc5a36e2f0a6b9ae30f54399e69051527a2a9732cd19115f08a5bb3db0d6473abcce2015bebcf2b3cc7e34585adc339a9b16de5d2f7abbbbac4aa9990 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a79fd8770ca83679e9f84e049aa4699 |
| SHA1 | 818b4925eb1e0c2937070978503907700d1b292c |
| SHA256 | 10c4a0aa5c44bd38b2d52615b4464369b426331c78099722221293ec2cd7f06a |
| SHA512 | 017e5bfc3d7b3490ac4f73f160d3f5c6a6180a242f312a19812ed6e61254ec37bee8ab1466f86e38dd228089d43f1420fb8108df4859323d30200f6c741a6dcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2efd95cbd239d726cac8df409bb0a537 |
| SHA1 | 593bf9fe9ea9f9327af068c41d29cd95a5fa1562 |
| SHA256 | 452b7b3cbf38e7ca8646b3ec08be927ef36e81bdba71cd81a1bcf5d93813f5f8 |
| SHA512 | e3184ada94bf633a81bb4dcde7164800e6ddec483aa66f2948ff65b86b50b4672de42ca5cd065ad545c1801ae7b918e3cb36fbcc5b42b64d6886efc8e7595ae2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c8a77e4686dd8cf930c9231cbe0f0e8d |
| SHA1 | 5f0c019e40663cab28f5cdcc5a683735130c736b |
| SHA256 | b129a57b4ae55c420760dedd0dd3b80c5cc5ee8cb709ea0a1d966cb9db1ff8bf |
| SHA512 | 5bc886b314c023f4ad007e0c87a9f052a42b49c6a52d5f17e8f34f1333e3ba1795e9d5135d59b4b11ec66a75b13ccdb82e4cedc674136eea5a902868bd6c8853 |
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_
| MD5 | 577b7286c7b05cecde9bea0a0d39740e |
| SHA1 | 144d97afe83738177a2dbe43994f14ec11e44b53 |
| SHA256 | 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824 |
| SHA512 | 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0 |
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
| MD5 | 00bf35778a90f9dfa68ce0d1a032d9b5 |
| SHA1 | de6a3d102de9a186e1585be14b49390dcb9605d6 |
| SHA256 | cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2 |
| SHA512 | 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041 |
C:\Program Files (x86)\Steam\package\tmp\siteserverui\images\steam_spinner.png_
| MD5 | 220d457252003a47bd6c120b059c2a92 |
| SHA1 | 35f68a1017339b27c98a64d87540d7adcd241ad1 |
| SHA256 | 4d1f5f98d7e42ba4338d0388fb386344d5c374a47d45fde1ef5b3606080f5e8f |
| SHA512 | 7768d3c36cc77be7088a1ff5529e6cde2ccc1b0715c8f3dfbf7447685414e7982aa0202e85fb913eaae8be4ec70d3a8c5d09953e7f3ce524b97ba8d266f91d5c |
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
| MD5 | 836dd6b25a8902af48cd52738b675e4b |
| SHA1 | 449347c06a872bedf311046bca8d316bfba3830b |
| SHA256 | 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64 |
| SHA512 | 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a7c1393127136416beaea8b8e7c4a815 |
| SHA1 | b967a2f6c8c8bcf1ad48017b31cf0c01699f2979 |
| SHA256 | e874bd65955325672a1d3bcd61006043005f7560316cba7dfa112976a2035ceb |
| SHA512 | 2deca465ea517b3cbcb48aa2e1209d4f570131896d135d0d7a2cd329cb2ba5bd03469b6fd3ea67b546208ba09902262bbd46c85e64b2e8a34e2288a50b4e77ad |
memory/4468-13815-0x0000000000580000-0x0000000000A32000-memory.dmp
memory/3476-13843-0x00007FFF4E540000-0x00007FFF4E541000-memory.dmp
memory/3476-13842-0x00007FFF4E2A0000-0x00007FFF4E2A1000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
memory/4696-13937-0x000000006FF70000-0x000000007135B000-memory.dmp
memory/4696-13964-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5e299e.TMP
| MD5 | e77b88c38790f2e042253ef48b3970a9 |
| SHA1 | 660d09c154874f90ef5d89517f98a107d2a3b524 |
| SHA256 | a33edbc94b6dd63694c37a9348c2b8dba06fae4b4bbc9c14643d87e2ed70a829 |
| SHA512 | b53fa3703487c6715fd979f01408e09e06831b9107c4b89e3e9a19714189a8bdd9ed7b18ad8c248aa55b31aa3e027cb54d39f7b8911726a531beda882365c6e5 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | d6650e45533c335281616f91ad97b530 |
| SHA1 | ff3ef2cbc2653ad34c1aec1fdb5195a1b4e969b6 |
| SHA256 | d4c285e884779ea1614ca578766e1fa68015305223977a07a00d4f80c5ed22d3 |
| SHA512 | 72d02ec0d7195431e84f17654c45a70987a1eb52875e00f4bbfb1461b05fd28dd32ab31bed4707cd89dad3449848ba27896a64d29d3ca42ee42d17de6c5108db |
memory/4696-13974-0x000000006FF70000-0x000000007135B000-memory.dmp
memory/4696-13975-0x000000006FF70000-0x000000007135B000-memory.dmp
memory/4696-13980-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | da89bc0dea70987eaeb45b049c805901 |
| SHA1 | 7aa3f2e4729a2f62b6e9b246b9070d9a81cb4141 |
| SHA256 | 4be5dc12b511c8f4c89ed24de7ad8f38a7066b4d1e25dedd21477cfde3d623b1 |
| SHA512 | 5fd0e6db336d5fa5873aebe74a49d1949944bc0deae3c66259ac29cd4db78d6aeb39a506342b2eb6a2c482e3cb31966ad1532d2d481497af63e7128665540617 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json
| MD5 | 6337f8dc9aa68a9f6d80aedd2d750c1d |
| SHA1 | faf33f797b834d3833646518bbcbe199603199a1 |
| SHA256 | 6aa1d242cc223f783ca2ac32145631c9e0a34ba214840fa470f88ff688a5afe2 |
| SHA512 | d28f2429f3f2b0cc25c69c883438cf26e9280c5615c75a1fb51ec8615482afe884393942e495dbe77ca71d7c1eea1fdebee283cc95a11709fa4f943eb573c0e1 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json
| MD5 | 7de6e80f634da24c564d459320ffdfaa |
| SHA1 | 62e460f7e49cfcd6588929da4b51c97093157b90 |
| SHA256 | 4d34cd163dff1707399d27900a1ceb9097b34767be402e07ddfeb325f30a4cde |
| SHA512 | 33936326ac253b8bd891bcb567da1c8de368dbd40b450c4680cc050143764a98a1e37fe4a223578b6766f426671736f9cae990d43bbea4a1a24b8aa3cda339c2 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | b6a7f8a16278c2faae70a09c3afe9704 |
| SHA1 | 85289c51b0814a26b7c26de45a2dc39d517aa65a |
| SHA256 | e95c174cf7169a3d7db20194d2a60b156befde8acc468fc298e4cfd669c8839c |
| SHA512 | 33571d9409992fb59c5e8b91b102516d19ea63b0fe6d90ca2b68775e0cb528f399154b0424ca4c993eb40c3a2d29bd7da3d74a03063e96e3de43632dc440eb11 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5e9950.TMP
| MD5 | a367914af64c63d0f1639ee90b7b5ca9 |
| SHA1 | 3c1276ac4825d93e7bdfdda694eb5befaf576864 |
| SHA256 | d18913d759b4bfd11e01941ce9f0678a81145b0d582dbdf68d4b92624a2055be |
| SHA512 | 315a7d0d6d80977bf5c2e73eda03bb2fb4b3bee49caddef2936274f3e402b1985467afecffcfd40e79408cca71162316348433e447fa0485a0a0541602fbb6b4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 5ad856734a61015e15a13325e63fd2d7 |
| SHA1 | 9974ed3961787b4bc277207445cb8f9dc0bc1d69 |
| SHA256 | 295f8b82fd6d442e36c8dd26b30c50d4e5c309531cf11e81dd54b459be63f7d6 |
| SHA512 | e84cbd1832c6d37d25800a4b2a6bf4251e20fc1df6d1b9724018b9c3010d49a0d5896b9df906c34558f00dc2cc993352abf332439947d2455daad3af0d0fe537 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 86f9da7a7e214a7769a5245bb5613e5c |
| SHA1 | f9b5ef930c7d440e5444f9d027bc9f713e9d86f8 |
| SHA256 | ffcb710a6035a3a50b85162d5b698abe3a6ac4aed4c419874ff01d080fc795a7 |
| SHA512 | 991aeb6a3859874179d300cb00bb29ebf004456f22825c1a021d72b61697cb922d983db059055b463228886ec7d4bb7e024bc06d554fc9077652db95d6bc4ab4 |
C:\Program Files (x86)\Steam\userdata\1838748412\7\remote\sharedconfig.vdf
| MD5 | c6191ebc5d14413b21faaa63ea5dee37 |
| SHA1 | e2d817ad598b0b733b3a84aefd2d2695b7e95ced |
| SHA256 | ad13d891b799c3ff9a41ce9f7ca6376eae3fdeaa881eb2f60b171d0edd617273 |
| SHA512 | 5ab8d6cf2afbe305da18dcf0f467cca50adaa00847144162c6ae4e723381179611eee4f9a3fbf49e23076e4306c2143ef705afe43d19151c9e3fcd1bbf735f69 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | b9e84f5eea0cbf233ca0c24ab8d1f0be |
| SHA1 | a3436a29af9f4e640f233d434e30c5681664338e |
| SHA256 | a8d85179976261c374ba55306d7b1b35760efa5bd8b8eb42695a8ecd318631e9 |
| SHA512 | d70ba86a330594c81dcaa82fdebcb7b86bf5a4c9d1376b0651426243f979a43dbf3035695eec9736c548b25c9b86a6f2c50b2f37f6b56407fe0dfcd5451ff5c8 |
memory/4696-14062-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 2f0581e949bf3ff2e008aed3c40f2841 |
| SHA1 | b3616a3788e5a8a67f596261e64f5c103fe81fd5 |
| SHA256 | c6ba9f3103410d552ca12cc58e6f6918322c40938305798ce97981ba9145d5f5 |
| SHA512 | 4c28127448c57ac28d441cf945358ad52d722843c0947bdfe9cae62d67be901721f83a8e1b69820ed0265d17d8f49634e5dbe9ff819cc9ad8bbf292556d0816e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 0b79a7cbbfab1a5a4457fbaf93af05a1 |
| SHA1 | 96e90de2bc2871e9c8d89632f833065321cbeacc |
| SHA256 | ad8c3c1137cdd99323cede05604773e575be97eed0a03770ab0b29be61212e19 |
| SHA512 | dcd8b0a3a7cb15b736a9a85b9a88341f7a6c3a2666d6ad73f71da17d4bf0744982c87b0060b22d297a6c3c5400f72b6ee0c17020f1fa0a34700ce376a243cd63 |
C:\Program Files (x86)\Steam\userdata\1838748412\config\localconfig.vdf.async4696.tmp
| MD5 | 534389e287faf2cf3ec1aed965ac57f7 |
| SHA1 | fa382a1f67a10f04fd1dfa6753696f4e2bbe4e01 |
| SHA256 | fca0b2e16037d04edf8016040813db3c342c9f73131740df3aa2a19e3ee52491 |
| SHA512 | 2d8598a4bacb499cc79c70b3b3a32990d4aa642ad416b668e00a4c87e25aed4a59b29bdac363f33fa5a76ecededff58383378ac376361b5c8b4af82d1608dbfd |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006
| MD5 | 585d504676687dbe72abd522e20a8834 |
| SHA1 | 055c34a5c78bb8d26ffc956df3db2ae716ef6f78 |
| SHA256 | fcf9ce4166770f6622b4fb6d065847572d02224afeddae4c1a87ced5731ccd3c |
| SHA512 | 713bdc9d79aaa5590db232a1302bbba88a5f24df2e6f3a79b877fd180d3713b20417e97e5480124d7a1caa19708c37d4e615b300adf732f5e365cc75972a2ddb |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005
| MD5 | e13edde4a25e96e573f37bdd11e020aa |
| SHA1 | 84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2 |
| SHA256 | 45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515 |
| SHA512 | 9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008
| MD5 | aa3794adfd20428fe34118f03bc93592 |
| SHA1 | 591db28eb78acf0ee9fc1855a1bc45d038169855 |
| SHA256 | 141849b5f1fabee6f3612317c0df48485ead9bd6147c26a04668061fcb643530 |
| SHA512 | 699c10405d2fa42569ce3058e578c54c6da13e68a68484d4988101a55ecc044ec312f5409a5fdb3b33fe2f9cd9d94c20459c0aa4b05482a9273e2dcf405c115c |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007
| MD5 | 499c1e719c78437eecb886cd5708e159 |
| SHA1 | d041f09450f48bf1c56cf9d79dfdbdf6dd04189d |
| SHA256 | 735abd11abae46fd2d71f4fdf774b0cd361c6e480d3f3c1c8ccd4c30990c7a71 |
| SHA512 | 927597ddd60ca95123d8ff285d48af852332c9feb1e1b15b04784e1e6863337895cd7145cf0e8b49fb9b4e6ba7594dae24c4a959df84de62c174bdb9a241df13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5b8f4486c52e4ad981a717f6a68c0bd5 |
| SHA1 | 39e603066ec55bf997991641a581c3f605d1bff2 |
| SHA256 | 517ed5c0949dafa7ac9f05f254bc9fa76d0ef98165fa1391df7872ce65ad773d |
| SHA512 | d16c6e38fb40a2e97d02fb74e95a557fed93376bf981b14da0640d9523c681331fa6d84ad409a85f49863f81b8b5ff62ce241a1ca76d2ac9b511ba7a571c0f08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 58011c71a6c8bba4070660673d130f11 |
| SHA1 | 06adb275720667ae24e753759dbdac0b88683a7b |
| SHA256 | 62ccd7a0854c4658e8656e104b931fb15a9fb643444c992c0ba39afa33d3bb6c |
| SHA512 | 97e042e1712bd83ee3b8ff07f0d5678220d886844d863204dd213f8caa0a6254bb5c2c4ec7c3ea0045a784be31ee8af1bbcefb30b421ee3b48fa2a7628df8ab0 |
memory/4696-14378-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | bfb59e9c5132b04238d8b6d94baa43d2 |
| SHA1 | 425d4bd1286aa31f5b9a0b2dfe1f19fb96ba887c |
| SHA256 | b66144bd0ce3c78c429de7ea8acb1e8273122dba7ad3c94d06394bb68c1d8d42 |
| SHA512 | 21f858a02d97a3b3dd0d05913362bec2682868270b4a01529897d945d0ee60cbf507e3f1e9b958a33a5004e91f2ebd978cb723d98411727435ab70b11a398a6e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
| MD5 | 8a39dd50f730189943d2aea089ae90ff |
| SHA1 | 49f3ef4c44f416a1bb7189ca70f9a40514dc0368 |
| SHA256 | 6dfa197d10b6addd65edf59803ff2d00b95ee15149b5df3299dbeb7c5ca81fc4 |
| SHA512 | 1912fb4b6111db07101adfbcbf0b9f48e26ee4a0fb5cd0646397492b0aa926fceacb4c214ae71234445ed5509dbbca1536add78137711d3b7be201d66b0e2626 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5ed520.TMP
| MD5 | 7f0633a77ab66d4446d0fa810060bc8e |
| SHA1 | 2c96610dd265b93d6c127326a9370d807fbb6f3e |
| SHA256 | d864dacb427e816fde29d173beec90698c41ec92a998da2679296dde8824f25c |
| SHA512 | 14b933bbd9a792f217c5a03ead88b0905f0c3dd8ccf2c62ff51d4d2b665fd06483acf1924da1b451e9faaf9e34d4a48083594531f24c03edd574ca7cd3914f6c |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | b400dd9eaffb671236115bb2cff66395 |
| SHA1 | 0deefc9627743ba547699d10c7d8d37595ca3ba9 |
| SHA256 | 4a6be8905734c08812767d108aa19dc6ef08908190eafff27b470cdc3e516aa1 |
| SHA512 | c47a4a86cd43a7321edd1d57f67ddb0e1378e84cb5f3071a9a64764b658ed59dea4e892bd6392bec09bfdf2b74c30ea5afd4591f62628c304d6ac767f20e00a1 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5ee85a.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
memory/4696-14485-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | cc5b08f92cc7949f1db2950da7aa9b8f |
| SHA1 | afe13c8308f18c35bf34564ab9c2c15f6b05a036 |
| SHA256 | be69af6bf46fb146e4d6681205f6366e174adad1e3d2a752175ab53128acb28d |
| SHA512 | 65d20ffc1af910c43232b51d8af24efca0f071c3c724b9bc103d1da1412a474c1c7c953a6dd92ee43172792b4a73d34b10300112cf625f1f67f72de42daae59b |
C:\Program Files (x86)\Steam\appcache\librarycache\1161040_icon.jpg
| MD5 | 7ecdaf8a54ec52b20640a88527512903 |
| SHA1 | 3133a4d748ad3be61fe9db759339cd5de73339b5 |
| SHA256 | 7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c |
| SHA512 | 60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | fb2f02c107cee2b4f2286d528d23b94e |
| SHA1 | d76d6b684b7cfbe340e61734a7c197cc672b1af3 |
| SHA256 | 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a |
| SHA512 | be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
memory/4696-14720-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 55a93dd8c17e1019c87980a74c65cb1b |
| SHA1 | 4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d |
| SHA256 | 4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009 |
| SHA512 | f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 087aba8f9ef02f2d4e6650e46be0d525 |
| SHA1 | 271c96a1b1bc286959f82be0221a15965f93e55f |
| SHA256 | 8893630801440ee47edcbad32f9598ca346d281c2815a729592fc1fdf13a71b0 |
| SHA512 | 126c54336d1c8d6282892622267aef708207c957bfc0a3a2c0166f6313c1422a4d1afdac0a5822278856706abc01d60ca38ccd6241d9bdd635af6c10c146c60f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ce0de2af3c23311e1f36ebfe19a0aea6 |
| SHA1 | ccb5aec571abcdd4342088b3f7be72e547c2b823 |
| SHA256 | d2b168249ca835e13ac44131a9d93409a787d4efc408513a0ff03eb1969c7ce1 |
| SHA512 | a1bfb2c1e97555f5513824c728d3661243f27ad85e40610ca90dd31a9213f8c8c17be0df7385c375432ff94a813f35108f8a3ec97cc11fb8d14386e1e7f7adcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cbef08f2a705b768a9d3021f5ed32ef7 |
| SHA1 | b7219a433169762a392b1ead74b3da78d7a20971 |
| SHA256 | d64a4e706855bea03f86e3135f3037a58c53129748b4cadae43e242567641af2 |
| SHA512 | 158f633226334ecb417edd8275a5888f2b756390a8154ec18dc4e10399f951b3223b6b334b9a5b6454098ecc5f25ae7cec42b98ca89afaf8a279e5e02a938fe2 |
memory/4696-14859-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
| MD5 | 569bd2cd7699e3ff58f6014e324d491e |
| SHA1 | 5b13b1ced05e0ed49dae06384365438085bb2d70 |
| SHA256 | 1a1b5d632a572e7ac66af34398858dac6976642619392519b71e788937ea2752 |
| SHA512 | 2a6b730cfc1db8897b7e361784c02259445615fbaf30fa780e7705bafda7db2d68b7cf8baf627147ede84b59e188893e69186d332ca05b1f57e64ccdceb899fc |
memory/4696-14870-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 92a0e9b55264f798fdce4641db90aac1 |
| SHA1 | 2f0e2e825148aaca6e9e69a554e11c09d717191f |
| SHA256 | 75b7a014e2e1df322b312d2d07ee37b303182c0530159bf06786527903fdff9e |
| SHA512 | 4a8b3d575ad95857e3aa6323b2b7cb76a4ef901595d79eaf47dbfc2610501484df71361390e87f3686d9e8441bce6b6a47461f1ea6f824e21ac5b750b7c77d2c |
memory/4696-14926-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\cefdata\Dictionaries\en-US-10-1.bdic
| MD5 | 4604e676a0a7d18770853919e24ec465 |
| SHA1 | 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f |
| SHA256 | a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100 |
| SHA512 | 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9c073ff6c4cfdcee78c8df496ce9ca35 |
| SHA1 | 3f3cc26fd8b0a6201002a6c2516a5f2150841a4a |
| SHA256 | 2de809425fa3848dcfff784fcfaf734717ca773cfccc75521051ed44f3a917b4 |
| SHA512 | 41425e0e0db597e227f2406dd5359208a839a9f9b1b665a8637b34c8ae48c0b06488ead163131c0a413d73b6e1ef457e55d217476cd9b3a3f13ebacb3a3f900c |
memory/4696-14952-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | 88e4ab8da92540678e6242d7043e2a1b |
| SHA1 | b3d900086d5629bf2882f0127a7a232340efdcc6 |
| SHA256 | e7c8f4ef6191f2a4e6352ba06120ca45d2c7adf4ab03ac24f104c26e23393600 |
| SHA512 | b1c33e531141ff0111048b9a1000f12e29b1dc35b535e1d97d34c38e2dcc6e458cff8cb4f82672f56cf3584032a8c85e00042518d4575cec85e0390705e0f7f9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 3ed845a94d8311adf1e82922b6612c8b |
| SHA1 | 991357485b1be18fdf487a35c9660b8f7a9dafb7 |
| SHA256 | 630c9273598e5977ecb03ff1e87e526427b9f8df4ca68f7ad4ac12942ed48b02 |
| SHA512 | 30adec37548c292affb7dd73422d9fb92026f8c6e0b82c5e9f50ed42b468f024f75fa11281b01aacd10a0972cfdc3ab41bda3927c2098d32ba927be631800ed2 |
memory/4696-14976-0x000000006FF70000-0x000000007135B000-memory.dmp
memory/4696-14990-0x000000006FF70000-0x000000007135B000-memory.dmp
C:\Program Files (x86)\Steam\userdata\1838748412\config\librarycache\2599051212.json
| MD5 | 5216ef382c2d09e344ae46f2c073acab |
| SHA1 | 91040770b2b51d00e6b7c32a37315eef249a55bd |
| SHA256 | 2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617 |
| SHA512 | 0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a185d790ea8d41d09dd10f70bc139f9 |
| SHA1 | c6fa90aae6b97c784165f935e237923dc1520af3 |
| SHA256 | c0ed5d30fe3b6dc15d2483a45395f87a12c1b55056a85fd6eeef6137be1160e3 |
| SHA512 | cce27d234550ee9816784bc825f1f0fefaecb96094a150238b616cdcbdf54aaff394c75f8513d35567aaf3a98e96a3c1b4469dd7a6932d118e81d148eb406b01 |
memory/5504-15003-0x00000168E31E0000-0x00000168E31E1000-memory.dmp
memory/5504-15002-0x00000168E31D0000-0x00000168E31D1000-memory.dmp
memory/5504-15005-0x00007FFF4C630000-0x00007FFF4C640000-memory.dmp
memory/5692-15007-0x000001CE18530000-0x000001CE18531000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 69b744ac930675bc08a3645e829ce9de |
| SHA1 | 680782797718bdfccc780a5b2da328175207769a |
| SHA256 | b7546e2dad2e7d0e1f6752b4daa48a466aa860e81302264088adcbfbda7a5da4 |
| SHA512 | ce70be21ea5e0058f8f534ba44db1d85692702e3e2a9931c3f493269b06e0190d224e00519bbf3474be62cc8a13644aa8e2cfda3fdd52c2502e5cebf00b60280 |
C:\Program Files (x86)\Steam\userdata\1838748412\config\localconfig.vdf.async4696.tmp
| MD5 | b9dd74c32604f2b84613acaf8685de34 |
| SHA1 | e0f9aa15e30266f165f80a511b68d1da2b0516f6 |
| SHA256 | d10a4298103b5b0a38ed7dc10c6628e0e084888a417687f0d779402a083e98cd |
| SHA512 | a0676d1c5f8d0404e6ffcde69e4e219e0899d2b75419b9d404bfc12bc15827cd0174dfc2cf11e05339bf6dc4982bd3e5e24eda9e9ddcf30b62196182bf330166 |
memory/5504-15035-0x0000016987F70000-0x0000016987F80000-memory.dmp
memory/5504-15036-0x0000016987F70000-0x0000016987F80000-memory.dmp
memory/5504-15038-0x0000016987F70000-0x0000016987F80000-memory.dmp
memory/5504-15037-0x0000016987F70000-0x0000016987F80000-memory.dmp
memory/5504-15039-0x0000016987F70000-0x0000016987F80000-memory.dmp
memory/5504-15040-0x0000016987F70000-0x0000016987F80000-memory.dmp
memory/5504-15043-0x0000016987F90000-0x0000016987FA0000-memory.dmp
memory/5504-15044-0x0000016987F90000-0x0000016987FA0000-memory.dmp
memory/5504-15050-0x00000169871D0000-0x00000169871E0000-memory.dmp
memory/5504-15049-0x00000169871D0000-0x00000169871E0000-memory.dmp
memory/5504-15048-0x0000016987F90000-0x0000016987FA0000-memory.dmp
memory/5504-15047-0x0000016987F90000-0x0000016987FA0000-memory.dmp
memory/5504-15056-0x0000016987E40000-0x0000016987E60000-memory.dmp
memory/5504-15055-0x0000016987E40000-0x0000016987E60000-memory.dmp
memory/5504-15059-0x0000016988070000-0x0000016988080000-memory.dmp
memory/5504-15060-0x0000016988070000-0x0000016988080000-memory.dmp
memory/5504-15064-0x00000169871D0000-0x00000169871E0000-memory.dmp
memory/5504-15063-0x00000169871D0000-0x00000169871E0000-memory.dmp
memory/5504-15068-0x0000016988070000-0x0000016988080000-memory.dmp
memory/5504-15076-0x0000016988070000-0x0000016988080000-memory.dmp
memory/5504-15080-0x0000016988070000-0x0000016988080000-memory.dmp
memory/5504-15079-0x0000016988070000-0x0000016988080000-memory.dmp
memory/5504-15075-0x0000016988070000-0x0000016988080000-memory.dmp
memory/5504-15067-0x0000016988070000-0x0000016988080000-memory.dmp
C:\Users\Admin\Desktop\Gorilla Tag\BepInEx\config\BepInEx.cfg
| MD5 | 43bf2a097425d604deea7237661705ee |
| SHA1 | 3b9561dffba3eda506242fd47d358d42a8b4e872 |
| SHA256 | 7cc5aac335779bf82d9babca4dc8d02f113b99679887eab406cc85ec8813c6c9 |
| SHA512 | e0e5b39eb5ba701b05f0566d47c8e26fdc0769aaa1d88cc976b8423565c5dd18bc16936cbb743b4b4c7b919157cfcc154d588c227912a7e4a3788f9ef7bbd477 |
memory/4696-15090-0x000000006FF70000-0x000000007135B000-memory.dmp
memory/5504-15105-0x0000016A14DF0000-0x0000016A14E00000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnCache\data_1
| MD5 | 29e5c2e0b1c137f30c3a5a0c8b4db9de |
| SHA1 | 2a6dac774f120cc799213ec983a834c3c5a28c83 |
| SHA256 | 45c69ecce0e126d801b6c2ab81e70847044391bd148d12f176025b7a312a34e4 |
| SHA512 | eaa43d1dee3ae86d8a896a9526bec55773797c47a094555bf17fb756ca56680ab795ebbf6eacdf62940fbcf0c8e0610dacb47ef055951376017daa71d05bc13d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4b84cafc8f6fa9789fbfc8d39ef68986 |
| SHA1 | 0d7d1154dda288f62f806fbc655bca757955d474 |
| SHA256 | b0a68234f2897d8d0f2ec4e6a6067cbf374a0c2abcf7f9121a0821e21dc553e6 |
| SHA512 | 1905c40fe8492d80778addeb4c05508cc2d77500a23da448cb37df3bab5cfc72e4c691ddf1e66b28b5decee6e04d76654c305351d864338da753c969c49690c6 |