Malware Analysis Report

2025-01-18 23:47

Sample ID 241108-v2he7awdng
Target YEAH.png
SHA256 15c952ff76ab4feea15da576ac14b2c0f15c217ce350ea7155d586dde20b0ee1
Tags steam defense_evasion discovery persistence phishing
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

15c952ff76ab4feea15da576ac14b2c0f15c217ce350ea7155d586dde20b0ee1

Threat Level: Likely malicious

The file YEAH.png was found to be: Likely malicious.

Malicious Activity Summary

steam defense_evasion discovery persistence phishing

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Drops desktop.ini file(s)

Checks installed software on the system

Adds Run key to start application

Detected potential entity reuse from brand STEAM.

Suspicious use of SetThreadContext

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

NTFS ADS

Modifies system certificate store

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Checks processor information in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 17:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 17:28

Reported

2024-11-08 18:14

Platform

win11-20241007-en

Max time kernel

2699s

Max time network

2702s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\YEAH.png

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamerrorreporter.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\BadNorth\UnityCrashHandler32.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 9260 set thread context of 3860 N/A C:\Program Files (x86)\Steam\steam.exe C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber06.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_up_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_p3_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\250820_logo.png C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0100.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller_generic.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lt_soft_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\friendpanel_rightaligned.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steam_working1.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_czech.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_rstick_up_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_click_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7\VkICD_mock_icd.dll_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_down_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l5_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_l1.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_090_media_0110.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p2_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_color_button_y.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\SteamInputControllerConfigNotification.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_turkish.html_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0060.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0345.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\platform_vietnamese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_ring_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\appmanifest_688420.acf.3586730505.tmp C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0120.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_l4_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\id.pak_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\cloud_icon_down.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\vgui_schinese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_turkish.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_CDKey_Success.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\dualshock_4_vietnamese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_left_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_down_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_lt_soft_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_button_logo_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_l2_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_brazilian.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\userdata\1456296740\config\librarycache\2371090.json C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber04.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_up_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_down_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_up_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_l2.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steam_updating_posix.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\gridview_placeholder_1.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_ring.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\tabStdLeft.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rb_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\ru.pak_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_x_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_r2_soft_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_color_outlined_button_a.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\gameproperties_dlc.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_r2_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_button_create_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0360.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\switch_controller_russian.txt_ C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9784_234712922\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9784_234712922\LICENSE C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9784_234712922\manifest.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9784_234712922\_metadata\verified_contents.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9784_234712922\manifest.fingerprint C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9784_234712922\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamerrorreporter.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3973800497-2716210218-310192997-1000\{ECDB48ED-A5E4-42C4-9D82-6BBEB954719C} C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Program Files (x86)\Steam\steam.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 316939.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4552 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4552 wrote to memory of 1632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4552 wrote to memory of 3824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4552 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\YEAH.png

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff855c23cb8,0x7ff855c23cc8,0x7ff855c23cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16301729574800044299,3470647855640026987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=9260" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x288,0x28c,0x290,0x284,0x294,0x7ff84491af00,0x7ff84491af0c,0x7ff84491af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1552,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1556 --mojo-platform-channel-handle=1580 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2136,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2140 --mojo-platform-channel-handle=2132 /prefetch:11

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004DC

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2740,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2744 --mojo-platform-channel-handle=2684 /prefetch:13

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3100 --mojo-platform-channel-handle=3092 /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3736,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3740 --mojo-platform-channel-handle=3732 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3888,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3892 --mojo-platform-channel-handle=3884 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=3860,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3852 --mojo-platform-channel-handle=3856 /prefetch:14

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3992,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4100 --mojo-platform-channel-handle=4104 /prefetch:10

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Program Files (x86)\Steam\steamerrorreporter.exe

C:\Program Files (x86)\Steam\steam

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3512,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3516 --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3972,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3896 --mojo-platform-channel-handle=3824 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4256,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3836 --mojo-platform-channel-handle=4456 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4608,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4600 --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4596,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4356 --mojo-platform-channel-handle=4624 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4508,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4292 --mojo-platform-channel-handle=4568 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=1908,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3884 --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4664,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4668 --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4476,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4528 --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=4644,i,16472092108883793641,12628670934248371487,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4524 --mojo-platform-channel-handle=4412 /prefetch:12

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004DC

C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe

"C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe"

C:\Program Files (x86)\Steam\steamapps\common\BadNorth\UnityCrashHandler32.exe

"C:\Program Files (x86)\Steam\steamapps\common\BadNorth\UnityCrashHandler32.exe" --attach 3860 14946304

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 3860 -steampid 9260 -manuallyclearframes 0 -gameid 688420

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4552_HAVLEAUVRWOBKJYP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\Unconfirmed 316939.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f220.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\nsx304F.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsx304F.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Temp\nsx304F.tmp\nsProcess.dll

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Admin\AppData\Local\Temp\nsx304F.tmp\nsExec.dll

C:\Program Files (x86)\Steam\bin\SteamService.exe

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

C:\Users\Admin\AppData\Local\Temp\nsx304F.tmp\modern-wizard.bmp

C:\Users\Admin\AppData\Local\Temp\nsx304F.tmp\StdUtils.dll

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_1

C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\CURRENT

C:\Program Files (x86)\Steam\config\config.vdf~RFe5a2992.TMP

C:\Program Files (x86)\Steam\config\config.vdf

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000011

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5a9be3.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5a9c22.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5aa3a4.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5b36eb.TMP

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b4a73.TMP

C:\Program Files (x86)\Steam\config\config.vdf

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9784_234712922\manifest.json

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9784_234712922\LICENSE

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

C:\Program Files (x86)\Steam\config\config.vdf

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Program Files (x86)\Steam\config\config.vdf

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 d6c0eb0b9a22d4768e38ad7c56a2b59b
SHA1 4a4f43c7826f0312e9b1a6a86fef08b851094ae8
SHA256 029a1d54193b72b43a25a49046b9796faeac2433bb7123f11664628aafcefcb4
SHA512 98b2bfa9c5270d1d26cb20d462d3941b58f208b0000d65799a36d9963271588da8b7af646926d19b3b9e7fcc4d55e5027544041844be69bb35c73146b83a8090

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 783c7606a9736043115c940a227fd45d
SHA1 e2e2a716159bb0723706f5af537279a24eb151f1
SHA256 a7f3e22f240b239d5147daecb27e6f8dcd9032021c10c27b88f153fc5eed009b
SHA512 14e67a7ba9a7265f17709bac38a09148b087ce6f8e1d82f9d38f840806e2273ae8c857bc42262f165f763d6754b98fc16d394387576c276c780adeb0592c09e5

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\temp-index

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\4169c757-90e2-4b8a-acc9-f89953e67154.down_data

C:\Program Files (x86)\Steam\userdata\1456296740\config\localconfig.vdf~RFe6d791d.TMP

C:\Program Files (x86)\Steam\userdata\1456296740\config\localconfig.vdf

C:\Program Files (x86)\Steam\userdata\1456296740\7\remote\sharedconfig.vdf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000010

C:\Program Files (x86)\Steam\logs\cef_log.txt

C:\Program Files (x86)\Steam\userdata\1456296740\config\librarycache\688420.json

C:\Users\Admin\AppData\Local\Steam\htmlcache\Dictionaries\en-US-10-1.bdic

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Bad North.url

C:\Program Files (x86)\Steam\steamapps\appmanifest_688420.acf

C:\Program Files (x86)\Steam\steamapps\appmanifest_688420.acf~RFe6dce13.TMP

C:\Program Files (x86)\Steam\appcache\appinfo.vdf~RFe6e01f4.TMP

C:\Program Files (x86)\Steam\appcache\appinfo.vdf

C:\Program Files (x86)\Steam\appcache\librarycache\1245040_icon.jpg

C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

C:\Program Files (x86)\Steam\steamapps\common\BadNorth\BadNorth.exe

C:\Program Files (x86)\Steam\userdata\1456296740\688420\remote\campaign - 0.checkpoint

C:\Program Files (x86)\Steam\userdata\1456296740\688420\remote\user

C:\Program Files (x86)\Steam\userdata\1456296740\688420\remote\campaign - 0.meta

C:\Program Files (x86)\Steam\userdata\1456296740\688420\remote\campaign - 0

C:\Program Files (x86)\Steam\steamapps\common\BadNorth\UnityCrashHandler32.exe

C:\Users\Admin\Videos\Captures\desktop.ini

C:\Users\Admin\AppData\LocalLow\Plausible Concept\Bad North\Unity\local.36cf57ce5dd8e0846b0c782a42957d05\Analytics\ArchivedEvents\173108877500003.a768aab9\s

C:\Users\Admin\AppData\LocalLow\Plausible Concept\Bad North\Unity\local.36cf57ce5dd8e0846b0c782a42957d05\Analytics\ArchivedEvents\173108877500003.a768aab9\g

C:\Users\Admin\AppData\LocalLow\Plausible Concept\Bad North\Unity\local.36cf57ce5dd8e0846b0c782a42957d05\Analytics\ArchivedEvents\173108907500004.a768aab9\c
