Malware Analysis Report

2025-01-19 00:04

Sample ID 241104-r76s7a1kdy
Target dolla-cafe-menu.png
SHA256 25e3100617d30aefffe68e607812640443943a405a14ad1d3f99005018748df7
Tags
steam discovery persistence phishing
score
8/10

Analysis Overview

score
8/10

SHA256

25e3100617d30aefffe68e607812640443943a405a14ad1d3f99005018748df7

Threat Level: Likely malicious

The file dolla-cafe-menu.png was found to be: Likely malicious.

Malicious Activity Summary

steam discovery persistence phishing

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

Detected potential entity reuse from brand STEAM.

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-04 14:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-04 14:51

Reported

2024-11-04 15:08

Platform

win10v2004-20241007-en

Max time kernel

1050s

Max time network

1054s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\dolla-cafe-menu.png

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory


Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752055005499589" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2045521122-590294423-3465680274-1000\{8F820658-AF30-48DF-A3FE-D836C132E44C} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3736 wrote to memory of 1196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 1200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 3296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3736 wrote to memory of 4544 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\dolla-cafe-menu.png

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb24d2cc40,0x7ffb24d2cc4c,0x7ffb24d2cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3360,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4480,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5044,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4924,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4852,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=864,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5184,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5468,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4632,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5496,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3764,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3708 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3496,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3420,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5128,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4120,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5520,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5660,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5744,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5376,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5248,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3564,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6060,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6092 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6064,i,14672494227164603572,13245517512896112833,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb24d2cc40,0x7ffb24d2cc4c,0x7ffb24d2cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=2416 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2148,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=2576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=4556 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3120,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=4480 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3100,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=4776 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4788,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3152,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=4376 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5116,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=4996 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x508 0x3dc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5332,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5688,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=5644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6004,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6012,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=6060 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6172,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5700,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=6164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5712,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=6056 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5240,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6080,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=5564 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5148,i,12884728242073719087,11742356062392423500,262144 --variations-seed-version=20241103-180210.308000 --mojo-platform-channel-handle=5460 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=216" "-buildid=1726604483" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1726604483 --initial-client-data=0x364,0x368,0x36c,0x324,0x374,0x7ffb264cee38,0x7ffb264cee48,0x7ffb264cee58

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1668 --field-trial-handle=1736,i,12228868715370160852,6403384838805872279,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2192 --field-trial-handle=1736,i,12228868715370160852,6403384838805872279,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2512 --field-trial-handle=1736,i,12228868715370160852,6403384838805872279,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1736,i,12228868715370160852,6403384838805872279,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1212 --field-trial-handle=1736,i,12228868715370160852,6403384838805872279,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1726604483 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3684 --field-trial-handle=1736,i,12228868715370160852,6403384838805872279,131072 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 155.117.19.2.in-addr.arpa udp
N/A 127.0.0.1:58981 tcp
N/A 127.0.0.1:58974 tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp1-lhr1.steamserver.net udp
GB 162.254.196.79:27019 cmp1-lhr1.steamserver.net tcp
US 8.8.8.8:53 cmp2-lhr1.steamserver.net udp
GB 162.254.196.80:27019 cmp2-lhr1.steamserver.net tcp
GB 162.254.196.80:443 cmp2-lhr1.steamserver.net tcp
US 8.8.8.8:53 ext1-par1.steamserver.net udp
FR 185.25.182.20:27019 ext1-par1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
US 8.8.8.8:53 79.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 80.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 20.182.25.185.in-addr.arpa udp
GB 2.23.210.82:80 e5.o.lencr.org tcp
FR 185.25.182.20:27022 ext1-par1.steamserver.net tcp
US 8.8.8.8:53 cmp2-ams1.steamserver.net udp
NL 155.133.248.43:27018 cmp2-ams1.steamserver.net tcp
NL 155.133.248.43:443 cmp2-ams1.steamserver.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 82.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.248.133.155.in-addr.arpa udp
US 8.8.8.8:53 p2p-par1.discovery.steamserver.net udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
GB 216.58.201.99:443 tcp
GB 216.58.201.99:443 tcp
US 8.8.8.8:53 p2p-par1.discovery.steamserver.net udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp1-atl3.steamserver.net udp
US 162.254.199.165:443 cmp1-atl3.steamserver.net tcp
US 162.254.199.165:27018 cmp1-atl3.steamserver.net tcp
US 8.8.8.8:53 cmp2-atl3.steamserver.net udp
US 162.254.199.184:27018 cmp2-atl3.steamserver.net tcp
US 8.8.8.8:53 cmp1-iad1.steamserver.net udp
US 162.254.192.98:27018 cmp1-iad1.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.75:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cmp2-iad1.steamserver.net udp
US 8.8.8.8:53 cmp2-dfw1.steamserver.net udp
US 162.254.192.99:27018 cmp2-iad1.steamserver.net tcp
US 8.8.8.8:53 165.199.254.162.in-addr.arpa udp
US 8.8.8.8:53 184.199.254.162.in-addr.arpa udp
US 8.8.8.8:53 98.192.254.162.in-addr.arpa udp
US 155.133.253.52:27018 cmp2-dfw1.steamserver.net tcp
US 162.254.192.99:443 cmp2-iad1.steamserver.net tcp
US 8.8.8.8:53 cmp1-dfw1.steamserver.net udp
US 155.133.253.36:443 cmp1-dfw1.steamserver.net tcp
US 155.133.253.36:27018 cmp1-dfw1.steamserver.net tcp
US 8.8.8.8:53 cmp2-ord1.steamserver.net udp
US 162.254.193.75:443 cmp2-ord1.steamserver.net tcp
US 8.8.8.8:53 cmp1-ams1.steamserver.net udp
NL 155.133.248.42:27018 cmp1-ams1.steamserver.net tcp
US 8.8.8.8:53 cmp2-sea1.steamserver.net udp
US 205.196.6.133:443 cmp2-sea1.steamserver.net tcp
US 8.8.8.8:53 99.192.254.162.in-addr.arpa udp
US 8.8.8.8:53 52.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 36.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 133.6.196.205.in-addr.arpa udp
US 8.8.8.8:53 75.193.254.162.in-addr.arpa udp
GB 216.58.201.99:443 udp
US 8.8.8.8:53 client-update.steamstatic.com udp
US 151.101.3.52:443 client-update.steamstatic.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.23.210.75:80 r10.o.lencr.org tcp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp1-fra2.steamserver.net udp
US 8.8.8.8:53 cmp2-fra2.steamserver.net udp
US 155.133.229.4:27019 cmp1-fra2.steamserver.net tcp
US 155.133.229.20:27019 cmp2-fra2.steamserver.net tcp
US 155.133.229.20:443 cmp2-fra2.steamserver.net tcp
US 8.8.8.8:53 cmp2-sto2.steamserver.net udp
SE 155.133.252.69:27019 cmp2-sto2.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
US 8.8.8.8:53 4.229.133.155.in-addr.arpa udp
US 8.8.8.8:53 20.229.133.155.in-addr.arpa udp
US 8.8.8.8:53 69.252.133.155.in-addr.arpa udp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.75:80 e5.o.lencr.org tcp
SE 155.133.252.69:27018 cmp2-sto2.steamserver.net tcp
US 8.8.8.8:53 cmp1-sto2.steamserver.net udp
SE 155.133.252.68:443 cmp1-sto2.steamserver.net tcp
US 8.8.8.8:53 cmp1-fra1.steamserver.net udp
DE 155.133.250.4:27022 cmp1-fra1.steamserver.net tcp
US 155.133.229.4:27024 cmp1-fra2.steamserver.net tcp
US 8.8.8.8:53 4.250.133.155.in-addr.arpa udp
US 8.8.8.8:53 68.252.133.155.in-addr.arpa udp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp1-ord1.steamserver.net udp
US 162.254.193.103:443 cmp1-ord1.steamserver.net tcp
US 162.254.193.75:27018 cmp2-ord1.steamserver.net tcp
US 162.254.193.103:27018 cmp1-ord1.steamserver.net tcp
US 162.254.192.99:27019 cmp2-iad1.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.82:80 e6.o.lencr.org tcp
US 205.196.6.133:443 cmp2-sea1.steamserver.net tcp
US 162.254.192.99:27020 cmp2-iad1.steamserver.net tcp
US 162.254.192.98:443 cmp1-iad1.steamserver.net tcp
US 8.8.8.8:53 cmp1-sea1.steamserver.net udp
US 205.196.6.132:27018 cmp1-sea1.steamserver.net tcp
US 8.8.8.8:53 103.193.254.162.in-addr.arpa udp
US 8.8.8.8:53 cmp2-lax1.steamserver.net udp
US 162.254.195.75:443 cmp2-lax1.steamserver.net tcp
US 205.196.6.133:27018 cmp2-sea1.steamserver.net tcp
NL 155.133.248.42:443 cmp1-ams1.steamserver.net tcp
US 155.133.229.4:27023 cmp1-fra2.steamserver.net tcp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 132.6.196.205.in-addr.arpa udp
US 8.8.8.8:53 75.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
AE 185.25.183.36:27025 ext1-dxb1.steamserver.net tcp
AE 185.25.183.36:27038 ext1-dxb1.steamserver.net tcp
US 8.8.8.8:53 ext2-dxb1.steamserver.net udp
AE 185.25.183.52:443 ext2-dxb1.steamserver.net tcp
US 8.8.8.8:53 ext2-bom2.steamserver.net udp
IN 155.133.224.23:27030 ext2-bom2.steamserver.net tcp
IN 155.133.224.22:27038 ext1-bom2.steamserver.net tcp
IN 155.133.224.22:443 ext1-bom2.steamserver.net tcp
US 8.8.8.8:53 ext1-maa2.steamserver.net udp
IN 155.133.225.20:27038 ext1-maa2.steamserver.net tcp
US 8.8.8.8:53 ext2-maa2.steamserver.net udp
IN 155.133.225.21:27038 ext2-maa2.steamserver.net tcp
US 8.8.8.8:53 36.183.25.185.in-addr.arpa udp
US 8.8.8.8:53 52.183.25.185.in-addr.arpa udp
US 8.8.8.8:53 23.224.133.155.in-addr.arpa udp
IN 155.133.225.21:443 ext2-maa2.steamserver.net tcp
US 8.8.8.8:53 cmp1-sgp1.steamserver.net udp
SG 103.10.124.4:27019 cmp1-sgp1.steamserver.net tcp
GB 162.254.196.80:27019 cmp2-lhr1.steamserver.net tcp
GB 162.254.196.79:27019 cmp1-lhr1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.75:80 e5.o.lencr.org tcp
US 8.8.8.8:53 22.224.133.155.in-addr.arpa udp
US 8.8.8.8:53 20.225.133.155.in-addr.arpa udp
US 8.8.8.8:53 21.225.133.155.in-addr.arpa udp
US 8.8.8.8:53 4.124.10.103.in-addr.arpa udp
US 8.8.8.8:53 p2p-lhr1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-lhr1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 cmp3-hkg1.steamserver.net udp
HK 103.28.54.102:27020 cmp3-hkg1.steamserver.net tcp
US 8.8.8.8:53 cmp2-hkg1.steamserver.net udp
HK 103.28.54.101:27020 cmp2-hkg1.steamserver.net tcp
SG 103.10.124.4:27019 cmp1-sgp1.steamserver.net tcp
SG 103.10.124.4:27020 cmp1-sgp1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.23.210.82:80 e5.o.lencr.org tcp
US 8.8.8.8:53 102.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 101.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.82:80 e6.o.lencr.org tcp
SG 103.10.124.4:443 cmp1-sgp1.steamserver.net tcp
US 8.8.8.8:53 cmp1-hkg1.steamserver.net udp
HK 103.28.54.100:443 cmp1-hkg1.steamserver.net tcp
US 8.8.8.8:53 ext3-tyo3.steamserver.net udp
JP 45.121.184.22:27031 ext3-tyo3.steamserver.net tcp
JP 45.121.184.22:443 ext3-tyo3.steamserver.net tcp
US 8.8.8.8:53 100.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 22.184.121.45.in-addr.arpa udp
JP 45.121.184.22:27024 ext3-tyo3.steamserver.net tcp
US 162.254.195.75:27018 cmp2-lax1.steamserver.net tcp
US 205.196.6.132:443 cmp1-sea1.steamserver.net tcp
US 8.8.8.8:53 cmp1-lax1.steamserver.net udp
US 162.254.195.69:443 cmp1-lax1.steamserver.net tcp
US 8.8.8.8:53 69.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 p2p-sea1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-sea1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
IN 155.133.224.22:27019 ext1-bom2.steamserver.net tcp
IN 155.133.224.23:27035 ext2-bom2.steamserver.net tcp
IN 155.133.224.23:443 ext2-bom2.steamserver.net tcp
IN 155.133.225.21:27020 ext2-maa2.steamserver.net tcp
IN 155.133.225.20:27028 ext1-maa2.steamserver.net tcp
IN 155.133.225.20:443 ext1-maa2.steamserver.net tcp
AE 185.25.183.36:27034 ext1-dxb1.steamserver.net tcp
AE 185.25.183.52:27028 ext2-dxb1.steamserver.net tcp
US 8.8.8.8:53 cmp2-sgp1.steamserver.net udp
SG 103.10.124.5:27019 cmp2-sgp1.steamserver.net tcp
AE 185.25.183.52:443 ext2-dxb1.steamserver.net tcp
GB 162.254.196.79:27019 cmp1-lhr1.steamserver.net tcp
HK 103.28.54.100:27020 cmp1-hkg1.steamserver.net tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
US 8.8.8.8:53 5.124.10.103.in-addr.arpa udp
US 8.8.8.8:53 p2p-lhr1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
GB 104.82.234.109:443 api.steampowered.com tcp
SG 103.10.124.4:27019 cmp1-sgp1.steamserver.net tcp
SG 103.10.124.5:27020 cmp2-sgp1.steamserver.net tcp
SG 103.10.124.4:443 cmp1-sgp1.steamserver.net tcp
HK 103.28.54.101:27020 cmp2-hkg1.steamserver.net tcp
HK 103.28.54.102:27018 cmp3-hkg1.steamserver.net tcp
US 8.8.8.8:53 ext6-hkg1.steamserver.net udp
HK 103.28.54.172:443 ext6-hkg1.steamserver.net tcp
US 8.8.8.8:53 ext1-tyo3.steamserver.net udp
JP 45.121.184.20:27036 ext1-tyo3.steamserver.net tcp
JP 45.121.184.20:27032 ext1-tyo3.steamserver.net tcp
JP 45.121.184.20:443 ext1-tyo3.steamserver.net tcp
US 162.254.195.75:27018 cmp2-lax1.steamserver.net tcp
IN 155.133.225.20:27024 ext1-maa2.steamserver.net tcp
US 162.254.195.75:443 cmp2-lax1.steamserver.net tcp
US 8.8.8.8:53 172.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 p2p-lax1.discovery.steamserver.net udp
US 8.8.8.8:53 20.184.121.45.in-addr.arpa udp
US 8.8.8.8:53 p2p-lax1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 ext2-gru1.steamserver.net udp
BR 155.133.227.50:27020 ext2-gru1.steamserver.net tcp
BR 155.133.227.50:27034 ext2-gru1.steamserver.net tcp
US 8.8.8.8:53 ext2-eze1.steamserver.net udp
AR 155.133.255.164:27020 ext2-eze1.steamserver.net tcp
AR 155.133.255.164:27023 ext2-eze1.steamserver.net tcp
US 8.8.8.8:53 50.227.133.155.in-addr.arpa udp
US 8.8.8.8:53 164.255.133.155.in-addr.arpa udp
US 8.8.8.8:53 ext1-gru1.steamserver.net udp
BR 155.133.227.34:443 ext1-gru1.steamserver.net tcp
US 8.8.8.8:53 ext1-scl1.steamserver.net udp
CL 155.133.249.180:27025 ext1-scl1.steamserver.net tcp
CL 155.133.249.180:27029 ext1-scl1.steamserver.net tcp
CL 155.133.249.180:443 ext1-scl1.steamserver.net tcp
US 8.8.8.8:53 ext1-lim1.steamserver.net udp
PE 155.133.244.34:27037 ext1-lim1.steamserver.net tcp
US 8.8.8.8:53 ext2-lim1.steamserver.net udp
PE 155.133.244.50:27021 ext2-lim1.steamserver.net tcp
US 162.254.199.165:443 cmp1-atl3.steamserver.net tcp
US 155.133.253.52:27018 cmp2-dfw1.steamserver.net tcp
US 8.8.8.8:53 p2p-atl3.discovery.steamserver.net udp
US 8.8.8.8:53 180.249.133.155.in-addr.arpa udp
US 8.8.8.8:53 34.227.133.155.in-addr.arpa udp
US 8.8.8.8:53 34.244.133.155.in-addr.arpa udp
US 8.8.8.8:53 50.244.133.155.in-addr.arpa udp

Files

\??\pipe\crashpad_3736_WNPORHGWBVZFKLPL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 d89fa00db110e8e7844314beeb1e6986
SHA1 862fc136f2845b552d9b6fd17970ec08207d352a
SHA256 12a5be6f4f8b44bdde99b7c78358cd63ce3a2949114e1b674e634a56489b332c
SHA512 d78b6baec1d03ce4f53f8a689e4bff5690d5033da0d07098fad603192ea6f5eb9f12c88b852a1d40fe86f8074312723cc93c4d8b94dc7c2d7edd206a7a610d47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9c773d1b32c58932e7dcf59934e640cd
SHA1 0239a03ce47943b0710379a7c3e7348c3a21b93b
SHA256 b4af7c23d7a2297e64ac9fffd07f8502aec9dc68b3cfd3d04ae4c3dabf3c5ad5
SHA512 2d3bb1622c9b9a7cc0f29c029a1b75a53ed0850784c10c5ed7f90086cb572e8c164fe5b7c7a18c859e51951f3385c97543fc16abed3dbb4afffe7d4b01d069a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66ea55e04bb288321b5a3c3c5ceb3c98
SHA1 b2bbe1e5fd2c57c15a47b4e3cd364f0fe606eb21
SHA256 594c950dae4d20b485c6bbf5fd1d15bf7f49905f3f29de19b70e3b94060180c6
SHA512 b6b6c81810153b16e6fdd65cca5401be5611c57e2ff3fa3a82e671639116033bd1e0fa67a9297ad2a720b9e51c2950e6c8633667ebefd848a42eb2420a258ad3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5aeb3c4f9674d0e036c7435eac5e01d7
SHA1 0b9cdf7a37722f7aedfa67d2c36f3c38b5b99bbb
SHA256 05f183d69500987073cbcc66236acdc37e66afa45894006499990c11d0c537cd
SHA512 a1ebacffa1f1bf3ceaabd0a47453e249d581f209578b1b524eff554c0e1a8a5fc1163716f2a3707df531f899f25a8c16f125c768d2d7d60ee6cd6eb07ecd1019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 55a09ebbd203c80587b9c315555ce0ff
SHA1 df9e037c485d1f64af2db2f28c949bee4d975431
SHA256 04a7f5c93da90785f2d42da66377ff58c01c48ede1b867929701c3163c8ffad8
SHA512 59c1e4e26c2eafd88116b5c8e3dfbc0792813d7a075c44b32c21216fd200ea4f9472b4357603d44263603695f69ce9a9404f323cdd21fb75ffcf375791914e93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31ebc8d4a53e6cd5400aaa191c7fd040
SHA1 ae09cff6efae30fa5a545ec108156a89451e0fb9
SHA256 952454563c8db0959dd37b77e5ee380a24870de84cf2b520d8729671d1833bdb
SHA512 efff7042c3c877a068668170fd459af2dfcace99afbf99a2172a9c89de5818ec45e09bed8bb982c936ba76a5bc7a2ab8b0ef73b04d79e40731a0933308ace26d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4fe704fc0ee8dbcd0c15ff6052accf46
SHA1 9a1416979815f874a3d23a471d776da5d4590436
SHA256 cbea5fd980b79344c3b0a2adfeefc56ca654a24d8dc51824a5ab4a729de4ff09
SHA512 3895f4b4b1becc9d26009763dcabec8feec5407a585aed05dfea4c43beb06ba9297f132fc1de1b29aa21bae553c9d69fa96218e6f369eb106dfa52ea319dc77d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1adecdccb674e395865605c79af9aa06
SHA1 c29636a45068f76a8996f12b7571e5d0d32395ed
SHA256 8ece2f94237a2519b36190479d34836f2ac79975388f0705adde920d106a04ce
SHA512 b112ba65906fc0fd8b4f9f9478ed37974f185bbac16ce3d5e9068d5a04db51a7968ba52ea8a8c9aa0cdd79b57b09024f37115f5d6cc201e10608c2376c875bb1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 975b779b7ed2ad3263ac077b89508848
SHA1 d06b4a69348b364d45a7244bf1983f836a7cb804
SHA256 0b9881780ca720b6e540973edf24b428d599adbdf4eef809a73928e4c077b90b
SHA512 4be265fac2136f97deb2c9086c24b7b86cf76962c59dbe9f96ce90cf9c7366da824699e6227333344fececd6fced0c8789ed89cbba56a9eb371428329cccdc08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac7929a65f06030653ec5a1c50a94e7d
SHA1 67c581d8a6659d9a35fdacb7ce126eef27843e3f
SHA256 70cf85f964e34597f68391f3def992973efa0812ceb1a09fbc68419e2718b3f7
SHA512 c81ce498638b006545b60bde5621a9e76a563daf63ea3c3a039777a347f7ba5fe7c50d83afb5568b7176c83e26315cc2e438150820dcbcbe2dcc04a3b3df69e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b3df6d49f7ffdbe801ddaa81aa15385f
SHA1 378a4f59ceb4b19a257ed3854b771236105b52b7
SHA256 5830cabdaed4d32f9a6fa44f4de4f344ed1bd506d1c858cebd23564fb959b325
SHA512 16cdd52d83927303452061da49045645c0e82e06717464e9557c1bfc6534f540922268ccb5ffbf966202287ba98fa8af050fe7b3e5c6a860e613682da2f64e48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 852204b48dc81c58c95b450c07f765bf
SHA1 b96fe47d5f3d9ba4d82c67b7277a4f22adc81385
SHA256 ac040f8909dd1e13e7c3e86edee929bbadfa18e114b7ddb329a2403a3a9becdb
SHA512 444bce7bad85347cefff957efe7ef1d01cdf87c0d4c5e2930755af878a7860ce70135fe42172a1285509a65877f77c42cebed9678a6b8945a241308043a0746b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f2a81382eeca5b22b2ea29b12a16e358
SHA1 74f466b280807bab198a8831d302230132e6a52d
SHA256 fd8da2ec74183be063f6b33c36e17ff6f1125217780fb485c51f481f632f84f9
SHA512 7466482464cc1b0f0645ff0ac9fb7935a72102b3d6a5873e4ff6f91a2ea221d9c2f4b30ef8fbc825264e750a0f172145ed60f7f24594cb001d6c0c2fa3d9d3ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5e7c9fe4766f0d6004f0bea439ffaf0d
SHA1 efb56a82adf728824c0fbd6c3bfad8b658d1c0a2
SHA256 aad08a064ef21174113f2d6f49a517347770659b9b8adacf7667ea6c85c0e755
SHA512 27d3f8bc6ebff2c6ff05520a79a0ef89dbc42ab4d8831dacf0850a33a83bab5730720a5a8a02f954dcf0eee6fd16f466706713c5700cb44f6c7e9a6737a474a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cc99657395e9e26831ddb21ccfc91bd7
SHA1 c301d1741987edade6d84b06425eb1976183e410
SHA256 605ed17f405f83bfcb4dcfbe8ea99e9d47ea3e62fc06410635cffbfc6d19a77c
SHA512 2a75f85acd22d00b1e8969257b0558c6b3c2cf77fcc551ef136e9e94931a5380d8f4c58961db123a694767f271218da8a59dd4bca23696fab1dd22102924b51f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 37053569a2c6f7e5ec0ba0bad0dec0ad
SHA1 c076b3b4d65dc69ea7dd613cbba8c7c486ee0c9d
SHA256 6da30bc0b9417c9b4ec3f6e6597479612c0ee62ff4df1c3fea2824b976235286
SHA512 f2dea898e8a63864dd88ee483114b1976a756bc8dc2d40abc609df5d74d800b632cd3ebe09ad547ae6c346712a141e9ffb69c69b5231b8c9d7e791a57ceb3ca4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aff401ac50fac9bb22801917076fad3e
SHA1 45bf90e909eae5d0eb41174dc27cc2237fc913c6
SHA256 3ff41e64b03c97b478eec8cc84b11727c5607226b31d36b1d3a510664938d71a
SHA512 36f79808c39858a2b0687d9ce63d5c542d2f2ac254869a51776b87d46123ca710ae6de85108d1e259ec00be41067dbed8bf0bf659bff73a9e5954ed63907b9e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 e5fc91cbce096df1d36191f9eedd3c64
SHA1 1a8076bf524b6d2b8a44c18fa8afb199a60dc1c9
SHA256 0e111dba5797ec182bf4af537a2c928ebd3957b99ed291610fbf322d6c2c9e19
SHA512 c9b064fbcb2df48dcf5bfa4387c164acb2bae075af013e6c39166dddc7e91ce993caaa0fdfac3ba1c3a12ca6c21577d99776fb1445f3009c7359b926a173f668

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 d4586933fabd5754ef925c6e940472f4
SHA1 a77f36a596ef86e1ad10444b2679e1531995b553
SHA256 6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2
SHA512 6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 abf3f857d290ddfd7492490e52a70e2d
SHA1 5c6453f79d9941aa7ea182b3513dd32ce3ee74c1
SHA256 56facc6c0f1fc23834ab0f322bbbbf7f8ec5e46719d8ca1351544971c01279ea
SHA512 968f4e8146259b8e932638299fe7df41c6df57bcf1b281ce5a9dae18fd5b1beb5a378f2c06254cd3e5fb552160ec2999a2b176956ba784120674bff374559eef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 346b8d1336748dcd071071c36dbfe281
SHA1 4ced74de945b24693377f985c63b36e575735ce5
SHA256 2b2812d7f0a64d466d388933069d41f3b9f3aaa659ceb37912e430098610d2e9
SHA512 a34b2aae41bfa9f7e9c9e74b3d22bb05126132934ee0a67bc58c798b52a65be29ddd32e3ff102d739786ac3b546f1405b39339fdba6b60312f66a53ee16faddb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 446fbdf6eb28be69a51db9c6b7773fb8
SHA1 1fdbe71f4974068bca13e968bf0bebbdb68f0e1a
SHA256 06865d779b8fc8cfc2c7d30818dc61282a7bac204a0ab56e09e5005aa4d9dd38
SHA512 22eef049cf32bde9790ab20f1506edd37936409f98f10d3b3c2e0cbb042773e2624fc4222ea14d91b5ce9deca88e07353dee5629f1ef5bcf163f35085915c518

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\06b7cbcf-88ac-49ff-8ddf-4a28cde72901.tmp

MD5 481bf4c912ea25233a9fbe432be0ff22
SHA1 ab38cc1d41c03f74b343e3ed93cb6b0504ad5044
SHA256 1b7227d0cbdc3f134fe289c568b729d535e69311256888e198178e811971defe
SHA512 f21e4f4a2b9a3472312e9eee93b0daa5dfa9cfa39b8209575e49f90430cee0982bdf8bf60b931767145a5928e00410e5f1d9865c9d3304288197c1e4d32d2d7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bb5f9b58a8723e555607f7a787072d04
SHA1 c5d271ab6fb2f50bc940cacb16842f77d36ef78a
SHA256 371147491d9f7377e832f83afada949befe14df8397b3e275a8a9939f4f94d58
SHA512 025e67e38cd38ebad593957f12c8677ee8a896c59b07e2e0bcf51b1414cf7e5b10b0b0e9a666b3f6d7addbd151752f01de6038d6cfa5ec7989929ccf37557cca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f47e017d74e97471cc80ac71524430a0
SHA1 85a030c89c4fbedb502c6d055cdde83ac969db25
SHA256 009734238e58ee8345be7d04bb91e456790f7629f083ba244d3edec9f88a2d17
SHA512 e575b90987f2a8a75bab008ca859b26d6eb1f502b7b7eac75fcdb79b9affdda91e2f8d185b21624e744255e802176011622da4aebdbf85504234fc03bb115a15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 48d6a5aa408149c04599e24f4eb891d4
SHA1 6b8fb7255dc278177139f9a781e107c6d3a9a384
SHA256 3ad69bced4267349aa0e2edc652d9c55d03b842d4c8ca725abe692bf9b24f74d
SHA512 3eccc76a42c57738259869591971eec8789ef88585defed2baea552046631bcb2a9ecb0c0570aa324f99c47b0e3ba69e44a9a95c2ccb0d7abb77bb39d7ba9118

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 818444f96a5b11521722c2a736714570
SHA1 3eb1879ab924f87191483227d295ddf5992b78df
SHA256 b114a9fe29afe29269d8f8e49974fa7570059ec1b90854141a47f2e1cc9f1e3d
SHA512 d73d752254b6e4b117c1bcfe1cac944e86a251456ca80d7ba710d3c18304098471c01d70f788a4adf2a38a2698c6b891c14c1b4c5c92b0815e358a5222e3e153

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f105ee33519678beb8d9a8601cb01375
SHA1 f2510fc9d28b16f3aac2648de03c52c8bd0bb9a7
SHA256 2dfc74ca28f339e54dc11bbf759e109185cb4288d59beb75fb235911eddf166c
SHA512 c781cc77cf4e5cf81df400ee11c158daf56ff6c2f8f25e76c73bf2c3ec31ac116dd5d0fbc638c5f88b18b87249d4e10c71e09a9900980713d887766790bab5e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3ecbd0a161ed6618e40894cf8711a6ec
SHA1 7e791b717489e82355bac9cd3ac28de341c80d26
SHA256 a95cdb63980196e6b5c16ccfc2b714e5473b23c43fbb2bb7ca11a06c3c4a5de5
SHA512 ef4d67da0f0493aafeb244cf3c744a1234229519c3c2740f2b17f71a86603190a1bfd5b380a5362e1b45f6b92c04aa58f74f2ef9e955ceaf70f98c7901d3e18d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 82ff7057a3f4a809b6599d11bf46e108
SHA1 625201a9dd8b5826e1a229684dc5e9fb2cc9b1e1
SHA256 fdbfbebeafb81e8cc30df5ace6e4dda90c15463d6c66c4f1253f901b70603cdc
SHA512 e8074da034c09ce417a19a6f0f13e9e31b58f4ea7bc64a84a712dd0a8c180458bee3c0b624014042cc5550b28c9c6ce9c13e4fae564cace0923cae76b3e69edf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc2bbfc6ad828e745a7497e5d6015233
SHA1 5bfc991517639a73a9c22f5e87359b926f64962b
SHA256 3e2ba2e9696697f24401f14ddcd63174c378b1735450f0082a7afe759a37f2d7
SHA512 a46ddfb1ae575fb46c2a0081d4b0d7396475fce314c94fd6d3b388274102f4819335a958a6099c4795d50fab0845abcdf581328b39cf5d5ff63de2efa575cfa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e5222bbf88ea9603ec8d4b38e00eeee2
SHA1 77109e635e00e5b017fd032e99035efa13d8f845
SHA256 ad8fa20c3aa49b1c5c12b00910630c727cfef119e05eb329be8520a08ad710e8
SHA512 0defc317544258d4a06ba6edc1ab61428c60e07ec99c2838bf8f204a1e03a50a91a5f57f74c1d26bbf6584d8e0817f4fff7953c6cae0bea14cd39fa7001cee21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ad8d45640f34b0bac1cd1b70398dda25
SHA1 3448645019ca04d8535a433f0cf217be123762c8
SHA256 18ae24d0f232ff12186699cffc78e7a5b32dd6fac7c046502636e5233e13b9be
SHA512 5db2e24078273929905f80aec8c7fc9a72422d436d63ab95cbc9e75b9dc6fcac99bf94fda093d5dde52873ecabd0728a07c8dc8405ea57ae7dd197f61798995c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 65fc46c3dfb5ec238c426e7675f1271b
SHA1 3fa1f53c224563266e745bf202afd07056fcf653
SHA256 11e4c599a8cff0ca9bf2db78a48b4bdebb190b39730f9b6fc56d7694cf3ba463
SHA512 11c2602ff4dcf43b520ea79fe293073a5e50ca39b2a0b89ecb5512d3ad99f34cf8ce641ce1a52ce998295ce42a21500c9005ccf982451a5f05b0678635771246

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9e43ad9ea60302f3063c413102e0383b
SHA1 d12b551025dbf858a4b12cd3ee8c20c5609f1c5f
SHA256 c6afe3b02bf81e69c75f0e92cfbfedf0da7b8fc7c6db9a1163649b4b29627c8b
SHA512 605a611cad45830386713aa629bfd814b2fbbb046f0f89318f46c2364920b2729d75d39f8a8239a1fbffa31b6c9e37d4b8c0bf5d60f39c23dc052640f506a9c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0ddd111ef581f012e14d886bb487c722
SHA1 8eed2dd30fcab38f737c9aa34dbeb3fbf4b076a0
SHA256 d04b491b99feb29d4c7a46f168998dcecf4fa48c9229c7c44eeb7ebd6d53f550
SHA512 aede64422b937006d33ed669e1b0ca649b732d3fdaba1d56d3247b25e6f4e918c6a646d56c10a9e16566c465f3c0d55e15a75a8820142716ab0c81d2f3684e43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ed798bc323668341404e07b00f647ada
SHA1 91a4fa5cfd5c6740407df228fc8481bd4c2793ff
SHA256 7d31ce391e467cc86ee3dca9c2187d32af66101d647db2455ab014c0ad51d517
SHA512 6f8f9671a3e6c5d7b35461f9dc4b5f60474b6532d8551282b80344c0bc945c2a9ddf0c4a5609783cc237b8a9ee67fa2d3a37572216aadee494d26bed09bb3e05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 86b25e1c8f635c2df8edc418e116bf48
SHA1 7b86067d0aec4777b923b276140932a42555a70f
SHA256 7f6c78f823ca5602575feb58d45045cf92d4cc2d8486e9aa58c3b8dd3d3ef256
SHA512 365a4217d28c7a4c456cfa498adbc23ec98967acede62a04a75e189209001fa87c205e7856cdf3af62730b8393e3c1eb0d14a277049770bf65433e84f34975d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 47e46287d270f4c09a6f994cdecb67b4
SHA1 9496c98d1b684268b9c783c8dfad5f8c126ff43c
SHA256 55767a6cca4300ba14fa871f861b365f91b3b2f8f6e3c6bec967baf491a8816b
SHA512 d75e27ac249b91285179cdf0a3de8ab498be25c4c2bbb75bd285559221e07afc56a57880d4a6002e78294423ba1c70526d0266959000034c388960dac42037b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0407b88ce984192c7c3cf167aaf12a13
SHA1 2d2865e55674f170c16113a3a27f25da40a7b3ce
SHA256 c7733d942f970909b974dd6bcb1e593f821d105d590e0ed0e73b0e33cd71141f
SHA512 349577304df09d80887ee68a3dfec59b88a97ee9d9b0b36313fd55d94fa2f92f6a85fc2af931a7877d5436a5641cdad1a285d6bdcba0eee933422156ee1210b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c663f3a2cf20eb820c5fcfac00911f03
SHA1 e77b6942686c60c00f5c04d83691339f90ef6d1d
SHA256 76d9cedb5a0524687dc42b4f4f99b1a1ed3db56b08aab69551bd6afea3462add
SHA512 4340e423481ca574537da6480d62ee24667cf0412aec5efa37a5b9c0bedd76348629424c4f0a778397d5508f2b2d1d68295ddc762d0aa0346b20d8099db212a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\Unconfirmed 501192.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\9587eb8e-f966-4a0e-918d-f9092a8531d5.tmp

C:\Users\Admin\AppData\Local\Temp\a5f694a9-b6b8-4870-a10e-33792fba2139.tmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir5088_183323209\CRX_INSTALL\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000001.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\nstB763.tmp\nsProcess.dll

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Admin\AppData\Local\Temp\nstB763.tmp\modern-wizard.bmp

C:\Users\Admin\AppData\Local\Temp\nstB763.tmp\nsExec.dll

C:\Users\Admin\AppData\Local\Temp\nstB763.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

C:\Users\Admin\AppData\Local\Steam\htmlcache\MANIFEST-000001

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5eeacb.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5fa830.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5fb8f8.TMP

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2932_1502037371\LICENSE

C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2932_1502037371\manifest.json

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
