Analysis Overview
SHA256
871b6e74118ee6c7b85a5ea0a14db672253b3710e6f5610245403ee7551c0b17
Threat Level: Likely malicious
The file sub-systems.docx was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Adds Run key to start application
Detected potential entity reuse from brand STEAM.
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
NTFS ADS
Modifies system certificate store
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-12 17:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 17:47
Reported
2024-11-12 17:56
Platform
win11-20241007-en
Max time kernel
470s
Max time network
472s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Checks installed software on the system
Detected potential entity reuse from brand STEAM.
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_button_create_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\friends\giftreceivednotification.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\logs\systemdockmanager.txt | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_right_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_left.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_ring_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_buttons_s.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_l2_soft_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_swipe.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_dpad_right_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lt.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steamui_sc_schinese.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_schinese.txt.gz_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_right_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\support_flag_left.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\joyconpair_left_sr_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_rtrackpad_ring_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox360_button_select.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\logs\controller.txt | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0040.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_turkish-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_notification_disabled.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_touch_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_dpad_left_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_l_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_touch_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_schinese-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_left.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_grid_loaded.layout_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_rfn_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_070_setting_0050.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_020_ammo_0052.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_045_move_0225.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\html_lock_ev.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\icon_steam_vr.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_button_steam_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_l2_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0230.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_up.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\win32_win_restore.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_outlined_button_y_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\submanagesecurityunlock.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\FriendsPanelRightBG.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0307.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0334.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_pause_hover.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\streaming_shortcut_16.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_button_logo.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_left_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_outlined_button_b_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0150.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_down.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lt_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_click_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_rb_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_left_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rb.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\th.pak_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_left_hover.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_ring_sm.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_buttons_n.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\gldriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\Steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\Steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\Steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\Steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Program Files (x86)\Steam\steam.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 828296.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\Steam.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\Steam.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\sub-systems.docx" /o ""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd10ce3cb8,0x7ffd10ce3cc8,0x7ffd10ce3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,18444644007262178963,10425030297398964507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd10ce3cb8,0x7ffd10ce3cc8,0x7ffd10ce3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,3048763359571922966,18096112025305096641,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,3048763359571922966,18096112025305096641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,3048763359571922966,18096112025305096641,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,3048763359571922966,18096112025305096641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,3048763359571922966,18096112025305096641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=12612" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffcff2daf00,0x7ffcff2daf0c,0x7ffcff2daf18
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1564,i,18319159566963304154,4537073492483212621,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1568 --mojo-platform-channel-handle=1556 /prefetch:2
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2144,i,18319159566963304154,4537073492483212621,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2148 --mojo-platform-channel-handle=2140 /prefetch:11
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004D4
C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2744,i,18319159566963304154,4537073492483212621,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2748 --mojo-platform-channel-handle=2740 /prefetch:13
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,18319159566963304154,4537073492483212621,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3136 --mojo-platform-channel-handle=3116 /prefetch:1
C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ffd10ce3cb8,0x7ffd10ce3cc8,0x7ffd10ce3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12957246976516737574,5706367389568395262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Steam\Steam.exe
"C:\Program Files (x86)\Steam\Steam.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=8888" "-buildid=1730853027" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1730853027 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffcff2daf00,0x7ffcff2daf0c,0x7ffcff2daf18
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1564,i,11461149946176129809,1140517485441327721,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1568 --mojo-platform-channel-handle=1556 /prefetch:2
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2188,i,11461149946176129809,1140517485441327721,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2192 --mojo-platform-channel-handle=2184 /prefetch:11
C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --field-trial-handle=2900,i,11461149946176129809,1140517485441327721,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2904 --mojo-platform-channel-handle=2896 /prefetch:13
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,11461149946176129809,1140517485441327721,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3092 --mojo-platform-channel-handle=3084 /prefetch:1
C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3720,i,11461149946176129809,1140517485441327721,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3724 --mojo-platform-channel-handle=3716 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1730853027 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3888,i,11461149946176129809,1140517485441327721,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3892 --mojo-platform-channel-handle=3696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd10ce3cb8,0x7ffd10ce3cc8,0x7ffd10ce3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,4033804891986271713,1865827896361014202,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5892 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd10ce3cb8,0x7ffd10ce3cc8,0x7ffd10ce3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,334731966436612226,13880581406931648966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp |
| GB | 92.123.128.136:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 92.123.128.182:443 | th.bing.com | tcp |
| GB | 92.123.128.141:443 | r.bing.com | tcp |
| GB | 92.123.128.141:443 | r.bing.com | tcp |
| GB | 92.123.128.182:443 | th.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| GB | 2.23.210.82:80 | r11.o.lencr.org | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| GB | 2.19.117.24:80 | test.steampowered.com | tcp |
| GB | 104.123.95.227:443 | api.steampowered.com | tcp |
| BR | 155.133.227.34:27022 | ext1-gru1.steamserver.net | tcp |
| BR | 155.133.227.34:27020 | ext1-gru1.steamserver.net | tcp |
| AR | 155.133.255.164:27020 | ext2-eze1.steamserver.net | tcp |
| N/A | 127.0.0.1:62676 | tcp | |
| N/A | 127.0.0.1:62654 | tcp | |
| AR | 155.133.255.100:27022 | ext1-eze1.steamserver.net | tcp |
| CL | 155.133.249.164:27037 | ext2-scl1.steamserver.net | tcp |
| CL | 155.133.249.164:27030 | ext2-scl1.steamserver.net | tcp |
| CL | 155.133.249.180:443 | ext1-scl1.steamserver.net | tcp |
| PE | 155.133.244.34:27028 | ext1-lim1.steamserver.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 164.249.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.244.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.249.133.155.in-addr.arpa | udp |
| PE | 155.133.244.50:27038 | ext2-lim1.steamserver.net | tcp |
| US | 162.254.199.165:443 | cmp1-atl3.steamserver.net | tcp |
| FR | 185.25.182.20:27021 | ext1-par1.steamserver.net | tcp |
| US | 162.254.193.103:443 | cmp1-ord1.steamserver.net | tcp |
| GB | 2.23.210.82:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.200.14:443 | tcp | |
| GB | 74.125.105.39:443 | udp | |
| AT | 146.66.155.84:443 | cmp1-vie1.steamserver.net | tcp |
| AT | 146.66.155.84:27018 | cmp1-vie1.steamserver.net | tcp |
| AT | 146.66.155.85:27018 | cmp2-vie1.steamserver.net | tcp |
| DE | 155.133.250.4:27019 | cmp1-fra1.steamserver.net | tcp |
| GB | 2.23.210.82:80 | e5.o.lencr.org | tcp |
| US | 155.133.229.20:27018 | cmp2-fra2.steamserver.net | tcp |
| DE | 155.133.250.20:27024 | cmp2-fra1.steamserver.net | tcp |
| US | 155.133.229.20:27023 | cmp2-fra2.steamserver.net | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 104.123.95.227:443 | api.steampowered.com | tcp |
| GB | 216.58.201.99:443 | tcp | |
| PL | 155.133.230.50:27037 | ext2-waw1.steamserver.net | tcp |
| PL | 155.133.230.50:27019 | ext2-waw1.steamserver.net | tcp |
| PL | 155.133.230.50:443 | ext2-waw1.steamserver.net | tcp |
| US | 155.133.229.20:27024 | cmp2-fra2.steamserver.net | tcp |
| US | 8.8.8.8:53 | 50.230.133.155.in-addr.arpa | udp |
| DE | 155.133.250.20:27018 | cmp2-fra1.steamserver.net | tcp |
| DE | 155.133.250.4:27018 | cmp1-fra1.steamserver.net | tcp |
| US | 155.133.229.20:27023 | cmp2-fra2.steamserver.net | tcp |
| SE | 162.254.198.104:27025 | ext2-sto1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 104.198.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | test.steampowered.com | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| GB | 2.19.117.24:80 | test.steampowered.com | tcp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.123.95.227:443 | api.steampowered.com | tcp |
| N/A | 127.0.0.1:63186 | tcp | |
| N/A | 127.0.0.1:63185 | tcp | |
| CL | 155.133.249.180:27034 | ext1-scl1.steamserver.net | tcp |
| CL | 155.133.249.180:27038 | ext1-scl1.steamserver.net | tcp |
| AR | 155.133.255.164:27036 | ext2-eze1.steamserver.net | tcp |
| AR | 155.133.255.164:27021 | ext2-eze1.steamserver.net | tcp |
| BR | 155.133.227.34:27024 | ext1-gru1.steamserver.net | tcp |
| CL | 155.133.249.164:443 | ext2-scl1.steamserver.net | tcp |
| US | 8.8.8.8:53 | ext2-gru1.steamserver.net | udp |
| BR | 155.133.227.50:27025 | ext2-gru1.steamserver.net | tcp |
| PE | 155.133.244.34:27021 | ext1-lim1.steamserver.net | tcp |
| PE | 155.133.244.50:27035 | ext2-lim1.steamserver.net | tcp |
| AR | 155.133.255.100:443 | ext1-eze1.steamserver.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | cmp1-sea1.steamserver.net | udp |
| US | 205.196.6.132:443 | cmp1-sea1.steamserver.net | tcp |
| FR | 185.25.182.52:27023 | ext2-par1.steamserver.net | tcp |
| US | 8.8.8.8:53 | 50.227.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-par1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | 52.182.25.185.in-addr.arpa | udp |
| GB | 2.23.205.133:443 | tcp | |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 133.205.23.2.in-addr.arpa | udp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 105.42.18.104.in-addr.arpa | udp |
| US | 104.19.230.21:443 | udp | |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 21.230.19.104.in-addr.arpa | udp |
| US | 104.19.230.21:443 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.200.35:443 | tcp | |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-par1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.123.95.227:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | cmp1-fra2.steamserver.net | udp |
| US | 155.133.229.4:27019 | cmp1-fra2.steamserver.net | tcp |
| US | 155.133.229.20:27018 | cmp2-fra2.steamserver.net | tcp |
| AT | 146.66.155.84:443 | cmp1-vie1.steamserver.net | tcp |
| DE | 155.133.250.20:27024 | cmp2-fra1.steamserver.net | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.23.210.75:80 | e6.o.lencr.org | tcp |
| US | 155.133.229.20:443 | cmp2-fra2.steamserver.net | tcp |
| US | 8.8.8.8:53 | 4.229.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-vie1.discovery.steamserver.net | udp |
| GB | 92.123.128.142:443 | www.bing.com | tcp |
| GB | 92.123.128.142:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 142.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| GB | 92.123.128.135:443 | r.bing.com | tcp |
| GB | 92.123.128.135:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 187.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.128.123.92.in-addr.arpa | udp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| GB | 92.123.128.181:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 181.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.156:443 | r.bing.com | tcp |
| GB | 92.123.128.156:443 | r.bing.com | tcp |
| GB | 92.123.128.171:443 | r.bing.com | tcp |
| GB | 92.123.128.171:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 156.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.128.123.92.in-addr.arpa | udp |
Files
memory/2376-1-0x00007FFD20023000-0x00007FFD20024000-memory.dmp
memory/2376-0-0x00007FFCE0010000-0x00007FFCE0020000-memory.dmp
memory/2376-4-0x00007FFCE0010000-0x00007FFCE0020000-memory.dmp
memory/2376-3-0x00007FFCE0010000-0x00007FFCE0020000-memory.dmp
memory/2376-2-0x00007FFCE0010000-0x00007FFCE0020000-memory.dmp
memory/2376-6-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
memory/2376-5-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
memory/2376-8-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
memory/2376-11-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
memory/2376-14-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
memory/2376-13-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
memory/2376-15-0x00007FFCDD470000-0x00007FFCDD480000-memory.dmp
memory/2376-12-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
memory/2376-10-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
memory/2376-9-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
memory/2376-7-0x00007FFCE0010000-0x00007FFCE0020000-memory.dmp
memory/2376-16-0x00007FFCDD470000-0x00007FFCDD480000-memory.dmp
memory/2376-47-0x00007FFCE0010000-0x00007FFCE0020000-memory.dmp
memory/2376-50-0x00007FFCE0010000-0x00007FFCE0020000-memory.dmp
memory/2376-49-0x00007FFCE0010000-0x00007FFCE0020000-memory.dmp
memory/2376-48-0x00007FFCE0010000-0x00007FFCE0020000-memory.dmp
memory/2376-51-0x00007FFD1FF80000-0x00007FFD20189000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f1d2c7fd2ca29bb77a5da2d1847fbb92 |
| SHA1 | 840de2cf36c22ba10ac96f90890b6a12a56526c6 |
| SHA256 | 58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5 |
| SHA512 | ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14 |
\??\pipe\LOCAL\crashpad_1036_OIGPZILVTKUTVLAF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4c1a24fa898d2a98b540b20272c8e47b |
| SHA1 | 3218bff9ce95b52842fa1b8bd00be073177141ef |
| SHA256 | bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95 |
| SHA512 | e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90ddb42e3ce37efd8cc9ab64aa1de8b2 |
| SHA1 | 970f1c7dda02655e65b710ff9a2e108000e2bc21 |
| SHA256 | 7cd1a22dc7277952323d24cdc1960ff0e640c80fcd66c67632358411fb9c450f |
| SHA512 | 2f28a690f11ee0be07b365b4205cebe13802241bfba8aba05d4d94e95cf918a08a4278089eb04db1838f8ba45f2517ceb50434095f014e903083a7fab28c504c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 3378c83388fd4dd56cd0b07ea6f89f54 |
| SHA1 | 76c119a22fb6bb1ff6487188054a4f85c559f1e2 |
| SHA256 | cf8398e6fed5b50964efd97109aabed33be0241eab96ab845ef1dc9af8524846 |
| SHA512 | 1254e2178a1d8d94ca0da6b71b1907e08ed1a5d44b63615cda7dbbcaeb4efa246dd2b08fbcf1f6d91e7b59b16e2d7c5369565d536aae50dc489251ac134a6410 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 5dc22530e617f5a81653ba6c1acfd7a3 |
| SHA1 | 8c1373fa536fe5b06e4b3ef1db0d911bbff80729 |
| SHA256 | bb6b63422a59a754b281c4a8f2064de75e970f23d0cfba270a2108f4fe359143 |
| SHA512 | e17b7afa55c78399b8f166a583b82efbce5c93b52cd9ff68aeffd3460862604ca1066be0bd0c036492ec769514aa69d0f8356d9fd193241ab4e5d8ea2206a057 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bd36db17-d577-4cc5-8bf2-453d4a9c5fa7.tmp
| MD5 | eaf154d4771c84b0503a64b46eb22fd2 |
| SHA1 | e31d8204843d5b732dd46473cbb8d5d74520722b |
| SHA256 | 109c15467f40bd4bf793760e8e07aced52f9262eccc9aac7452dc9d98bc6ec39 |
| SHA512 | bb97f38d15008d7be898a07a46e8fb9547d4284f7fd80f916ec52fab3a2d6e01ce4e78c0a0bc93d298860b123e37a28afb116ddb481adbbf85cb7ca0d2a40365 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 708406ffc8237b6e386e9c8c6b244d32 |
| SHA1 | 02c7a776ff21a787a8e4c9ce00a104a86aeafc3b |
| SHA256 | 04c3c5e995e0e7d96f588c969e0516c8d8b396af79d70ba0de5114287a8aadaf |
| SHA512 | f0bac624d16015a9292644e37d0607103ac0f1acd84dab07c51d5f0e9de1b2b58c4af618cef7ec69c3d28a9f2bfe18b3ee944f693070460fd1dd46b6ed1a0b69 |
C:\Users\Admin\Downloads\Unconfirmed 828296.crdownload
| MD5 | 1b54b70beef8eb240db31718e8f7eb5d |
| SHA1 | da5995070737ec655824c92622333c489eb6bce4 |
| SHA256 | 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb |
| SHA512 | fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61bd662ae85e3fe22a10662d199f62b9 |
| SHA1 | b36019fd1ef78b442fe59b7882ecf5de5cb4e1d6 |
| SHA256 | e6256443b3ec2d50f4a37158c2abf225d56235f06da6ba489a6deb0dcd6b87e9 |
| SHA512 | 3af5abaa0a38ebe41d253df08483e3f050c332a20a51680d020372cae9e93b7a8b49823da1ccbcdff4dc81ce49f36a9b3c649900008858e5c55cd9f80110494a |
C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 11ad9259909e3cbdf00360ee6ef9a85b |
| SHA1 | 2314d6c7bd71afd6e5ae43129cf3f3d5129e0f11 |
| SHA256 | 88cb8d6e6acab246e701cac9165428208cf7ac68f8c65581f1e1db6e0e512bcd |
| SHA512 | 3e6eb6a67c45b3861333aa9055ab94005fda7eec8fb57a0ecb3e7aa515d10998a02676a53fb2f6544d39edbec03dfad86ba695d8293df5e0055aaee473c61408 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a01224823bcb98922b3b5201e1effa83 |
| SHA1 | bb80acefd2880f7b27aec11bf1141378dc3122ad |
| SHA256 | fcc4d96eb45c473c1896786a6cda5462f56af2ab49b8b91d5f55fd4c7f97501e |
| SHA512 | db23a71040451e5f514ce0789db93d50e734022665231e50e49989da5a245d56cc7acf81848d909ce6e4f4c5198dc539d021eeb1ff57b01714eb4c58da75309c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a702fcdf4396442c1b5f4a1150f0e632 |
| SHA1 | 2ac46fde130df3ab46f589ef49f4932fab7864d3 |
| SHA256 | 23446e2b721e19b7645708d9a2c39862b4d55d180acf6229ccb5a93060b52e93 |
| SHA512 | ae35f28629c2ef648fa06cf70de3271bce16a85b89a83dc91628f9b0f44895db8b34ae5e851cd36fe4d23ebcdec3cb2980d8c7c0d395e7a338d9c2868bf3eb0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2819fe43e0646c645f04416155ffbff3 |
| SHA1 | e369a495f0dbe74fb0fa07ebcfd6410adf450f5f |
| SHA256 | 5f6459c9327b52a6366916ca5fedc00450a6aae5ba824cb286dd86e71e60ba6b |
| SHA512 | 3b7a7f14decc7ddd4b69141c1eb383e741c889137dd6ec3146fe0986b4962de38f140bb856fa1274748587bad6941be4d20f0359cb28ac8ec7cb0a57241d2b7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | b29bcf9cd0e55f93000b4bb265a9810b |
| SHA1 | e662b8c98bd5eced29495dbe2a8f1930e3f714b8 |
| SHA256 | f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4 |
| SHA512 | e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375907296684222
| MD5 | 580dc9378e1becad34f8e1e639810265 |
| SHA1 | 0449610318511cdebdfd2dc16fc091c8e1930561 |
| SHA256 | 923b6f87cd208cc8b739c414469e483db6e540271ee68d5fabc60da9cc41be1f |
| SHA512 | 39fffc56c8847b66abaae00ebcde29c6f31bc9321f0cf25b0995886ab17c0adfe108e5b8b4994fbc9041bdcffb139f35e72b73d1d97c331bc9226abecb621e67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7bf27c29c8954f5045b55fb3a0b6efbb |
| SHA1 | a32b2907523cc11708a3c756aceda56b21636b69 |
| SHA256 | ea190290e07878a94a9acd766272de35d8b4ff82d70f8023273e0b0725df9951 |
| SHA512 | 2fd8f974e6f748d887f81f8a20db04e30df506a4b7ce48bdf8c0df0143840e1b98de0ef4ca907ffb8162484b1241c950d515cca4dfc88170b66853da8528857e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | a79b0aa502b15fa052f082d4a519bc72 |
| SHA1 | f9642158d5ba0079cadfb659a589a1a5f0edfcf2 |
| SHA256 | fd7ceb5a5aaa810d9315d29449319690d091d62398e867e22a8fbf2e857ecb5f |
| SHA512 | 82099dae5dcded05c6c4c05f1d53a907a32dd00083d15eef5340474023f7c328ac32a5f159afac053f47fb8ae94807402e2a26163f48963ea6266ddb0f9ab4b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | fde91bd3c8aa42613f69996f016b345d |
| SHA1 | 71d6baf43be7b3b65203a89d254fc7239f257d60 |
| SHA256 | 80dbb3089c535bcb03aab588775a730554155710ee019add8c890589607f50f0 |
| SHA512 | 0d1cd02457d93e2553a3cc4b5324feb8c7e7686b4d2e6e7af281b828c32b43f2c32511081041cd02fd99fccf7d5e0076d9ae95687474db0b8ac3bf9e37f3f159 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 2343071a538e5b1e98655c56f9f2c065 |
| SHA1 | c6848af143582ea6448c74fc6dce204a62a43213 |
| SHA256 | 285e5fc23cc38d24b279ca03d3aa9b355bc19cb02eee41c433c5ace13a2a259f |
| SHA512 | 048bc7dac929ba427f5b48cca82eb531633b7bf2aa67ba5f06f0b54f438c9ebfb68bf981e306b901ab869ed14f77718ab0e65f8aee855f8248f58018135e8014 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 9c5583a0b0b60452e5449238b0153596 |
| SHA1 | dc087c371af5df1cda465df840069890e95db713 |
| SHA256 | c5e8fbad5656c43dbf4cd22d328f3a204de8b533bad02e469014314d73b8146e |
| SHA512 | a89ec22386e0738105664173ff5e6ee126e76150e9009157dd9b583f3e8a9b8cb7ac044f7c23d5c201debf2754f703eec7c7d9d17a752a6531b6dbc45e721935 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 5fd2a7e4f6e4fddffd8865591a334786 |
| SHA1 | c4a4948f1746ef7ad510ec4abbf615380c8f291d |
| SHA256 | 3417d871b560a408032685b918a7d53508456d7f0f84ec4774bd809c3bf5a3dc |
| SHA512 | 2cfec6c93c4d5cde51c80a50e80a505cbfc0ed8be2b5c159c27da4d9c0133258caed6192b61420a9368e73c16c4be56ac7a1172805ccd5b6aef401fef6eb0036 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | ec15ca6047f922cd6f1b0039800eaa9a |
| SHA1 | 2fc6f1cbc9315517e38cfaefa0d6848dcd0f713b |
| SHA256 | 4a1dc5563773b119c32b158ccc6764148d815479a09fdf93baf69a2dc3f92ec4 |
| SHA512 | 8f1c5c43851823e91601951f466a8bc7fcb785c8532a5857b79de8b6f8ff44207ca944387026159c893f44e6595b4fb31e2e98f62917970fc484f4b168939e7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | ba81dde0bc99d1142bf0536c27a2a478 |
| SHA1 | 0c3e49d4417c84e4a2cb46d112494f732ff7e3f4 |
| SHA256 | db2b27a615397722dadb45b5ec3a5e5ae21c84be8898cc1fb18d7f63cb4ad7a7 |
| SHA512 | 5a72f32043637d28657c779cbc4f6895d5745a9a8c10aa57194aca59b73da15a899948886e5d76c0805fea316e8a0e407bb4ba02ac57a5d1f89a9176613e90bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 7421132d80da039ac6f30c319f9efbf7 |
| SHA1 | 462263ff25a550f8aa12bf2a7c034a8b2d1d58fd |
| SHA256 | 9c2840117f3cb5f59d224850105f277224d84d5aab3c095f3d0c215dd02e4d09 |
| SHA512 | b9693bb3c5953bbf762e07eb8092b595683c8534de4743aad51dd4c7b903f3695551c76849e2a2a489f88937a04d80f32410c2424a4a6c1374171f31616a56a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | c8bc05c50695bfdf6b2ea44e01796b6c |
| SHA1 | 136015f5cf77a06e79f4397eae1bede13b097d05 |
| SHA256 | 4912af5ed436e27d0901467c7aa2cb64797a76661416a451cef6babb06c1a54d |
| SHA512 | 0320838147d2d3be3381a676663047f328741b74588a19c21457011efe88c11e76076fba29620d4e1d3186c10fe01a2c3c8e4f50117d5540bccb16555de9cf19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 3e870364c5bac409911b0ce4c78db92e |
| SHA1 | 859e28f1e7b5391f9ec4ac5539c096306f61bbf4 |
| SHA256 | 2cbea2ae59d16bcdff33bc49e819034427eb6c2f6f0eb218f6ea50af1eb65e6b |
| SHA512 | 5d75c8915db91ee3d1ab40423ae5c39272eb9109a05198bdb26832ed04bc378b698d7dcfc2d4971888480748ad749e04d5e70d1ec6a4a2efc969f678d076ba76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 2e736440d2149040c17b8be61169b983 |
| SHA1 | 76f77ad024c1dfa80e6ebe16e418b2bc205862a2 |
| SHA256 | e183a3b6e5172def3114dc388858583f6901ea05106a906a292890c2b012bb1d |
| SHA512 | 0742cadbcb778be6c1ae87d83f7517d21e757ae5e485bb11100b0f7c7220a920d8835ecca31c3de734dbb801fd502ddccc92d41eec750a8d0b057213cfa015d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 0430ccf2e081f07bf1b7754634fd55f6 |
| SHA1 | 590dc99199b88ac410fe4fa11f4ed5eab9ce04d7 |
| SHA256 | e7abd598636542d67f8fdedb2dd6f4976fa1e61b932d606a5d7193a3eb449c47 |
| SHA512 | ee62521d554781883f602c1327b1932a3113cdd5c2c85e3060eda0c40ff32d4da07f7245f5f544d322e093f2e8ceac6cb259206122e77b2128315ffe6a7d60f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | d5dad6e88967b18926d06eefb3ee8e99 |
| SHA1 | 429a243ee31aa39a57235e715d86859d74097129 |
| SHA256 | 73b672255e219773b1b407723a68f67b02ce7f6d0b7f30b6a389a6ebb8d2187c |
| SHA512 | 73630dd828e3d0dfe8d70374910c394254ea862e2690f14495b6c5e632033b8353a646459dac7d9f16abc09f00f753f1e5732e503a306c1372ca68960177c7a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 4f19511c03a1ecf8b4f023d23e94fc72 |
| SHA1 | b9dfb43b2efeb884ad9755e7c0050034dab896fd |
| SHA256 | 4e927d4ce777ddc76b4acf7f47c0e144b81d200eeaaad6ae76fde8ed35e6889f |
| SHA512 | f7b02e631bf7eb6bd89d3684f03e3c1608a93d5f514a8fe4f96b0d6379dbf9c2bb386dfc560e19255565ae373700f307bb0482d9b0304f69e52a2c697d1ccca4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 09cc742ae466fe669e38155eb9b2852b |
| SHA1 | 905e475b036b2157ac9f62c3008e1837e0b97fbf |
| SHA256 | f98fb9cca3f05391c346459a77efc0f6753cd0cf59352ed54482842dd0961df4 |
| SHA512 | 8726cbecf571c41bc69b9fb2d99d524f693e2e6d69b7f106185c0251a06a37c8fac4b925ec58997c05241d89aef9ae201beadc661203da2ed9b2d79bb69584cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | b38101851780fc3270031e8c60d48b33 |
| SHA1 | 565752688af7e018205809b75387270ae58c1cba |
| SHA256 | 85af84e0ead27083f0b6e4be6ae398f39e9c9d6ccfadbb09d9c8b34d591c69e7 |
| SHA512 | 89910bf322c6c5bb1aa61d9c5c08aebb9e0b6f34ee67a363b04be3f70293a4e412128b0ec9b6c83fc6f9b10c184834efd8ffb55a6ea4227891dcaba8a1c87153 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
| MD5 | 690f978b22a3a2d058f438fdd5ba4748 |
| SHA1 | cbc12daef50604780b2c77cce829340466866043 |
| SHA256 | d881c7e1befe454f118ed8a8e8b4848921802007a206598e98761ca969a1948f |
| SHA512 | 4f08a4b40c43002bb15d907644348d7e88c12793b29f9e5b915e635cae06215fc8effdc66295834a59890cf5ecb082a93151568cd9655dbf93a78216eab62f53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 962869be140e50d94197120e727ea58f |
| SHA1 | 012d312035f9926ce43da2daadc0e383dbd1f476 |
| SHA256 | d25948c6c3825d5bac7fb8a3f5684992ff81430b7eefbe439e2aef9ad7d65167 |
| SHA512 | 1b4e03de3037cb3c4d469f8f3a1460d07a218a7c559e677873fb467c173fe4cad0ad97268a9a1b7870bb3a6dfd535e02d899c3911c915fed6e28a114a205fca0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 4a3cde582e30e291d2c30bbbde0344a9 |
| SHA1 | 971cb480f3f3ac1a490fb25c112724ade254239a |
| SHA256 | 3263ea26a411f7137f03929c2897589256f6abfb53c532bd35b73b5d3c162baa |
| SHA512 | 762144086c9db975fc38c9144160e26d77d580808d61b32bc69126c9a3e5334334767c77f53d3342952dcf2be9d0aa7ab2652977f9268ded1f120d03a8f73ae8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 10d6d3adc3f4e9b77d15827e33ae11f4 |
| SHA1 | 0d0cdc2d4f2b2d8236704ef8470f8d62982d69c4 |
| SHA256 | ef957ca70d4a413518428fa0d069623db728cca85381822fbb1337f640535c64 |
| SHA512 | 2e12a97d26d6c95a926670f4c8691c0d863d914fa83432894618ff021cabf55433860b5e0072159c5d814342821f1cadb7ffc1230523ec490e429fce0244450a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 990b69388a5ea22acf589f0b6537ca15 |
| SHA1 | 0d7691dfc15abc15786f42e42f9fad603da973bb |
| SHA256 | ec4e0c3abe1815782521a0d671d0e1a9f76b1555941a772c27ecfe120cebe56c |
| SHA512 | d102430728709548d178f64b7e8a272eca0b34a8d6873f88069928579fd9a4b1b0647bc508d043df778be9e5c9c1f379a5459fe919e9d63121c6655f893d0350 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 5e77f4d5c22104d3cd7bec71d9060636 |
| SHA1 | 81282945e14028d2f472cff0bf41cc51f68d3e02 |
| SHA256 | c2c675997f2b4e81bd444797a5a15e8fe090a52ad0424f96b615f8d87fdb8b97 |
| SHA512 | 9c159d45d985103603eb3b8e9a47a28d7b0122bb6996502016068a790a409df5fdbda92bac7ea0b7d6cd6e272fe21eaee6b7f6c163d0b716f5a33072c541811d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 747815846bec693fe81907db70d9b503 |
| SHA1 | 00e3cac5479835360a2c6f9b42b4a3af224385c6 |
| SHA256 | 577fe762f6443dc930a86dc41f591821c338bc26a01cb234a07fc7377eee4c6c |
| SHA512 | 119608db0f76c6c5d71f38aea6391aea5034e9b280a964914f5c753df9603b1a273d909fbaef680567cab3bbae44c144abe8386acc2d85c77026615ebaf96fd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 759c5635357a347ab287e93dced598f3 |
| SHA1 | eb36625eed8c425bd82c7b49eabe5354473588ac |
| SHA256 | 673ba60cb056593bde7fe27818894909721160bd001122662b3cca707cf494bd |
| SHA512 | 6206335c40d434aa0df62e2152d464cfda6194285c0b8e285c9523051eed15da4cb719f0193a7f4849f537db96d9b5239d337d63a2a2b6ebc89d211b061ac930 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | f50baa8a3ae0c3c134111a53dfe3e663 |
| SHA1 | e08c9531ee2081416437ec135f20d2a39132e1a0 |
| SHA256 | 6864947e53fd10e330cc38fc2005f8dd6623665d8d5b3a07080446807e57e43d |
| SHA512 | 9cf649cbf7831bc06f3564079351925985af5d9939f83bee37228fe8f521603cde5cf6082f353f70ca416e3163210746c4489c3adcef0a49be9aa53a2dd61b52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | eb601cff5338463630cb56b2a116b12f |
| SHA1 | 97021488eab546405262e81ff61e49b4adba1a22 |
| SHA256 | 0e6c6765ce1f27d2fa2a401c760b96b8d876f4a4680813038309c2ebf45af76c |
| SHA512 | a6e317905b28295c53365e684c7e9dbb2f443d493e840cc040e440b5ffebe31c9951a445dac784006c6630279f844ade8a0d087c8089dc24eb16da03890c3221 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6336b6a1148c6b3fbcd4024cbac66f6 |
| SHA1 | fedda1147270b065b03b164964e9d6e9b6038a19 |
| SHA256 | ef01d751b3c8d7b2c0d1d1817a40532a2092b8cb823a7dae5049e9421ee1ba7a |
| SHA512 | 38b1a3ea58133a776f0cb1c921a70a9c567c1f8371e742d9c8f89961487dc8164c31393e7344ddebe128b0d45ef0c2b3790f002c036371331c376104f07c8e9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a06eba9e19f86b9632aac7cdebf338e0 |
| SHA1 | 435c182bfcf7bf9727f75b975192d0849acb4189 |
| SHA256 | eb9a156eca32a9390f0bb7ba849a8105b094f7df4519fbc872d6a7c13cbdd382 |
| SHA512 | 7539cd3583812db9b2c22516e81b148702ef8bf7b37119129a45931baa16dd91a361e4adeb9af15bf92e00679d7e86c3bc669213cdd9c184c3b96f3eb2995fb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 08589cf72a3c67edef8112aa4debedb7 |
| SHA1 | db1716b774abc8caa906e27dddda28631dd2edbb |
| SHA256 | 83f52879698b269354f3770a547ecdbc9d842749cf9ee02fa1ed850d05b7ffb1 |
| SHA512 | 469a158f1507e1d2cb3aa36a7ff15f794264eae244e5dc0f9c73dc378b525d651a787692bb0f6a815ab47a0ed04517cfd3583a15003e52c4a8b4f9ef841bd6bd |
C:\Users\Admin\AppData\Local\Temp\nsb7A1F.tmp\nsDialogs.dll
| MD5 | 4e5bc4458afa770636f2806ee0a1e999 |
| SHA1 | 76dcc64af867526f776ab9225e7f4fe076487765 |
| SHA256 | 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0 |
| SHA512 | b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162 |
C:\Users\Admin\AppData\Local\Temp\nsb7A1F.tmp\nsProcess.dll
| MD5 | 08072dc900ca0626e8c079b2c5bcfcf3 |
| SHA1 | 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37 |
| SHA256 | bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8 |
| SHA512 | 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c |
C:\Program Files (x86)\Steam\Steam.exe
| MD5 | 33bcb1c8975a4063a134a72803e0ca16 |
| SHA1 | ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65 |
| SHA256 | 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1 |
| SHA512 | 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49 |
C:\Users\Admin\AppData\Local\Temp\nsb7A1F.tmp\nsExec.dll
| MD5 | 2095af18c696968208315d4328a2b7fe |
| SHA1 | b1b0e70c03724b2941e92c5098cc1fc0f2b51568 |
| SHA256 | 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226 |
| SHA512 | 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5 |
C:\Users\Admin\AppData\Local\Temp\nsb7A1F.tmp\modern-wizard.bmp
| MD5 | 3614a4be6b610f1daf6c801574f161fe |
| SHA1 | 6edee98c0084a94caa1fe0124b4c19f42b4e7de6 |
| SHA256 | 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b |
| SHA512 | 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281 |
C:\Users\Admin\AppData\Local\Temp\nsb7A1F.tmp\System.dll
| MD5 | a36fbe922ffac9cd85a845d7a813f391 |
| SHA1 | f656a613a723cc1b449034d73551b4fcdf0dcf1a |
| SHA256 | fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0 |
| SHA512 | 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b |
C:\Users\Admin\AppData\Local\Temp\nsb7A1F.tmp\StdUtils.dll
| MD5 | db11ab4828b429a987e7682e495c1810 |
| SHA1 | 29c2c2069c4975c90789dc6d3677b4b650196561 |
| SHA256 | c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376 |
| SHA512 | 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88 |
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
| MD5 | 00bf35778a90f9dfa68ce0d1a032d9b5 |
| SHA1 | de6a3d102de9a186e1585be14b49390dcb9605d6 |
| SHA256 | cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2 |
| SHA512 | 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041 |
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
| MD5 | 836dd6b25a8902af48cd52738b675e4b |
| SHA1 | 449347c06a872bedf311046bca8d316bfba3830b |
| SHA256 | 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64 |
| SHA512 | 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80 |
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_
| MD5 | 577b7286c7b05cecde9bea0a0d39740e |
| SHA1 | 144d97afe83738177a2dbe43994f14ec11e44b53 |
| SHA256 | 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824 |
| SHA512 | 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0 |
memory/4088-12857-0x00000000002C0000-0x0000000000772000-memory.dmp
memory/14100-12892-0x00007FFD1DE50000-0x00007FFD1DE51000-memory.dmp
memory/14100-12891-0x00007FFD1E510000-0x00007FFD1E511000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | 6e6a2b18264504cc084caa3ad0bfc6ae |
| SHA1 | b177d719bd3c1bc547d5c97937a584b8b7d57196 |
| SHA256 | f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53 |
| SHA512 | 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679 |
C:\Program Files (x86)\Steam\config\config.vdf~RFe59710f.TMP
| MD5 | 3cdebc58a05cdd75f14e64fb0d971370 |
| SHA1 | edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe |
| SHA256 | 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7 |
| SHA512 | 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | a2ec2e91c3ef8c42e22c4887d032b333 |
| SHA1 | e2c738a2e9400535b74e2263c7e7d1ecefe575f2 |
| SHA256 | 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3 |
| SHA512 | b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | fd74c3026af4c4fa0badcdfc4801bc86 |
| SHA1 | b62b1e98ba0146e198c4210e12dab5cea5109be5 |
| SHA256 | 5aa4372742035babb3b9402d578c859dd7e36fa955de4f239a026df53d61ecf9 |
| SHA512 | cb7768a37c6a6671ad970e7deb7429dfc2ddf5a7e3800dd442fea4424d460375ff87e36a60fe2fae3e15276dbda839e4a493940f77f53a368d44db81418529cb |
memory/12612-12997-0x000000006EC20000-0x000000006FF61000-memory.dmp
memory/14100-13004-0x00000212017B0000-0x000002120181F000-memory.dmp
memory/14252-13005-0x0000027D34440000-0x0000027D344AF000-memory.dmp
memory/12612-13010-0x000000006EC20000-0x000000006FF61000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 2c7c33949465a7a51c686c83468533f3 |
| SHA1 | 2d09f323bba319bd06d9132fd6e3ece4acd19406 |
| SHA256 | 1d36178d955a9ae5dd7542b050d0303daf118525df8f0afe40beea8e07375138 |
| SHA512 | 3198d07ee5d5dcf22f52e3e818b9f7713ec3607a55697fa034de1b8d92b27d3b4cefc0095e0d38bb54385e8b1130e6deb22ca7085a06d923d3dd53997d5f84e7 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe59c460.TMP
| MD5 | 038269de6024453f9c98755898622947 |
| SHA1 | 0bc3cb231b8ec608085c5c7caaf8519f3f33c887 |
| SHA256 | d45a26a5be227e307e2d89234c8ec57bd91eb7b645426cc0ee270776034ab818 |
| SHA512 | 1c9857c33cec15b5772c341b6330dcfbaeef4e07bf2e2ebd601a0cc58c55103408da17661f744e4dce1410f7e516665635528880a24512cdf3582ae814a4f192 |
memory/12612-13034-0x000000006EC20000-0x000000006FF61000-memory.dmp
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | cf45d48ec77956cffc7ad6767cbb88ef |
| SHA1 | fef6aa238a51e3103cd73f945569ba4886cc8670 |
| SHA256 | 06affb07202feeba525c6362ea5f398a8f4bdf106d9d018577932918ef24fcbc |
| SHA512 | d8740156a4bc302741cc1385df9c7847de315f0a67b09ebaa0201a4a2405c0caa32ab0748c8f417be722a7e1e04f8986e0c91afbb83dbd3bc34498001ba4df9e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json
| MD5 | 602c49f9246967bdcff45b4f43cf2fb0 |
| SHA1 | 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d |
| SHA256 | a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114 |
| SHA512 | 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe59e882.TMP
| MD5 | 68b20851ccb9834d21fb32615e42bd43 |
| SHA1 | 88fab935f0b9484994097c08f785e9ecb7d68127 |
| SHA256 | a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f |
| SHA512 | dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe59e8b0.TMP
| MD5 | b349ad4d14ca70eda5922e90c8d926b1 |
| SHA1 | 5b286cf2d16ef87864d30089d3268c8c50b54668 |
| SHA256 | e25e6d12a1e1261e42d74d4256277dd7796130365bc36eeef366f0e6623cb501 |
| SHA512 | 3f09c86c0b3864a19b5a100a962819d2ac09fba4affa1ba14cfe347034df55b1f7551e4f322cc95047bfe370fb804cdda87f1c6b6b9b0973d81f7717e3934fe8 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | d33db241a984e1fbd323ae41ac5a8a16 |
| SHA1 | 2649524f69067f5bc1462d682d9c4cee6f9db44b |
| SHA256 | 69c6bc6145c26261803013d3dae91c0cbdbe6c275cd2176411570276de94761a |
| SHA512 | 63e7b18c84789b47183afb1e7c543f03be9d3464b674056e55395c1c512aebffd95ae6df22390c004fd70d7cc69e728a791b765b735c996b9f82f68d7ec6a971 |
memory/12612-13070-0x000000006EC20000-0x000000006FF61000-memory.dmp
memory/12612-13073-0x000000006EC20000-0x000000006FF61000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1715f9a1-9c94-40ee-9288-f8696c730a7e.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d56a6a38e7a100046f7454dec30681d7 |
| SHA1 | 5b323e82ee3cb9a9e611b3ea728c75db09421510 |
| SHA256 | 7de3f732016ecb21962e62cd8a8a5fac6fffbe8f07ca20dbb7232b0a6ffa594e |
| SHA512 | 6c5207ed2663a3c7aee920886e57b11220dbb660af2804f4e996332b043fb81e35ec3a863a5139456198d88574c5dd1a97dc54aea2cb097aa8ac7929a4e2dbee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 809b2752671ac43c70d352037fe898bd |
| SHA1 | 957c82a14f03a3e6596234b908d9cbac84a41221 |
| SHA256 | 2e048b62e1f42cdc1853f332099107c7f9c8fb513cbf9b703947bdfc11f65d23 |
| SHA512 | 61e2ed6d59472e5b0791f74a103e5dda45cdf1d3f6d551281d9975675819daea70794af423f01873116c824eba8308b0f8fa7b973e57d2ad38cac6b092c5d929 |
memory/12612-13098-0x000000006EC20000-0x000000006FF61000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
| MD5 | ff7b4395ea1c15609e5bdf7c67364e3d |
| SHA1 | 701b18bf9c330a90b80ef59c9b5c2438f117a8a2 |
| SHA256 | 0976d555af7d6d670d02aa60b10096ed7eceb6cae5c9d6d62aeb1e46412d14d2 |
| SHA512 | a848f4851b2d743a05a3eab809b371e323e9a6caaff117afb2e05568cbe4a115c4c1222801b3626fd22e1f4a81fa01c6f3f91dfefadf74b8e0b9b9b054b800f1 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5a5c3b.TMP
| MD5 | c9691dafdf3e59fc9aadc6caa16d9d0b |
| SHA1 | 064cb6278013b7ab721d9086060a6a5671a28a08 |
| SHA256 | 915712a45bfb3028f7a148f4baf83652a9ca1dc1fbed001612031f77168f2112 |
| SHA512 | f75416b27348522ea2fa25af511e02e81724301d328f1cf1069753a7f515d308622bb99845c1326659eec7d147e4c334e95ed97876e521bbcf6a3320d8236a73 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | 56f526f7deb2455b15dc55b5ec47b814 |
| SHA1 | 715025206abf48ab07d063b32b20997c5a902453 |
| SHA256 | da7919ddcfd33e35a27b591d066e8490d01009bf0ea17f8f34f52bbf5c15de63 |
| SHA512 | 6f9c4f29c7c6cba47eb0d2e058a1c05e0946f517cf9606ca439b26f4d388ed3a600505d0ba1fae7d047ee2b3c31b3b105fe5484572f1670ee0dccad1586da941 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5a5c5a.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | a7d96e4fd76dc961f8a474d65a14b63a |
| SHA1 | 919e97c91ceb5ccf14d8f799d6e46659f7e29010 |
| SHA256 | f370d94e3f83ccbac1eed023dde2b44960dd4213b28a07fffb79e802203f871b |
| SHA512 | 264ffb5820e45bed973cfcf785a506cd742c523bc8993b1201e9d54eb4b93fd2c6cb1867e7154b27c6ead10cc4248cefd62306e5d312dd4be3ff60271c4d0485 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c086d3306819a70b917c32d06335cdc2 |
| SHA1 | 1ba83feb06c87b4291e45dca931166105339d21c |
| SHA256 | 68669ead8f7e76d446abd315249e0b7879a6826063da4866863b7997ae6c1ba8 |
| SHA512 | bc6821bf381e5e9f18256b5bbd81497d360131f63240ba31d2aa04d8cfb4a6f2510e8cae9e284fd88beed39b5c681e022e192d1a424c12cf762bf181580ecba6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 28bd3400b3eac67e2ecb8630e1251892 |
| SHA1 | 3c1422e8ee8a6e238075a6a0d7b474858f327f33 |
| SHA256 | 6774c3661e32aa5e9a0fdde09fb6c8a358b7a328180195b1594cb032706610ef |
| SHA512 | 4c952ef817a011a72d8ab021e49b52ea1b06f2b70773ebd60db1ec1be3edc5d11a19059769f6000a55cad0aac869ec299cf830f9ef00d0ad1ceb7660506538d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 95b77058dcbd327b6dc02821c7f0c477 |
| SHA1 | 63033d7743c0e4cfce4729e423dc240ec92e3f78 |
| SHA256 | c6dfdc880bac103b03db2b8d036234715b257c43d83eaf4ff8ef6b0e2bdc6476 |
| SHA512 | 42bec47acc5f58f816b969bf697b1e79996f3c42906dc7fd78c9270db6394413cbeef46fe337f803837e970c2a9bea4c5a4c5fd70a062b1dab442e2082f7fc10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f59b1063e5a5ef6ebc3acd9bfdd3a828 |
| SHA1 | 824fd8180552ca5341bc79ae7b3ab98829582365 |
| SHA256 | 92ee9736b76d6b544dbb4664344e6bff38dd0398eeafadb2679f60dc706f63bc |
| SHA512 | 94aa36e75cd2d74d54942b49714a47451b26b6a3cc63677a3c852efd3d85115f89652fb6584c12f39e5f1ad83affca608b0d1f646b4f2cc2ef410cc4bc78aba7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 614f530a98e85a33658c4a2f6c907973 |
| SHA1 | dfdbfe342af8600457f04fec40d53a21cb22ef1a |
| SHA256 | bc86049e549500c65dfb93bfa058a012f59dea8735d1323a8b767e1dfacacf76 |
| SHA512 | 9e25af6915218ddb4acbe6a774054cf7e7e7870f20a2131ad6a74589a9fa7eff32e7ac1b312140bf5e593c0baabf2ef73fbf5b421b75775db038fdb8aa7d063f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 88b4ec7ac2a5a0d3f083f8cc049b2148 |
| SHA1 | a1761238192ab7123baf6bc7019c2685c8432fa7 |
| SHA256 | e287ac6376f9c8d848d080e5f7c91a76cdd83604fe120661bc29123ec3961064 |
| SHA512 | 6f7f11f880a9411c25b515b0aa7134c92180e8cee7bcfe95d713618bed52fa4c7ab241fb92c3fc81a20aee7435cbf58816b2c54ceefd62888f6697fdf4185800 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\fff0233b-3ece-4907-bcde-8521b001330b.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | 6c005d39fe777142f0b7d7272b8ec632 |
| SHA1 | d9100fbc8c59a1a7be55a3b22c283506f91a0cac |
| SHA256 | 4e8fa695d0463c4cb2aeea1a208dd46ef5748caa5d0743572b5572ad3c3b80b5 |
| SHA512 | 1ecfee1da59339d3564009799aa78dc5014ddef939f056339a485c60a1749a54a58efb94421864faf4c0a4148134ece0ecfb3a5bc434e43088b7993553461f3a |
memory/8888-13375-0x000000006ECF0000-0x0000000070031000-memory.dmp
memory/1688-13382-0x000001F1751D0000-0x000001F17523F000-memory.dmp
memory/5108-13383-0x000002C0C5510000-0x000002C0C557F000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003
| MD5 | 45886a6a9aace3fad669a79bc3191ce5 |
| SHA1 | c24b4a569c0fee533ca9db199feea061ccda03f9 |
| SHA256 | 99d8caa7d664ce601c1e90e2b94cd63c6c5ff70f3d9871223f356f89341a43a5 |
| SHA512 | 2dfc402d0c3f39bac280ea49bcbf9edcf7d849c23ab97422ddc0c46d2a18250e90bc66a6a407e437defa1eff3ea745ea657fc2a21f6211525e35a560a31c59ff |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004
| MD5 | 9fa060a599b0ee1912f2073ed59df3c8 |
| SHA1 | eaaeef616747d09506c6ed1d96901d2c8d1ad4e0 |
| SHA256 | 7924474a8f327264982347dc932997ed49890ea4114925024ba678fba2d4e90c |
| SHA512 | 93837c0d1bf848ff603073bce6ac252f770a35fad094b294609682e11b04b463292c74c8440891e89741f28fa67a888ed6fdc1575fda99a3c2b6065ccc4e7b47 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006
| MD5 | a811a3ff668f292e0ffc7c848a09676a |
| SHA1 | 4c6a4d94d12482c5c7f1c2403e006206ef947b8a |
| SHA256 | f3a83093a773179dddc431837f36aa374610bb11c0932c36a4924b44c4f98971 |
| SHA512 | 60a48bb4e787e7c34e1b5a38126d032170fe5c2ddebd272f495fd5fbc7e6b32d8ed752eb86e960f1f338bc99dc9b294c9a22cba1057407055f79173fbf7b20a3 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000011
| MD5 | af5256dcf1ad35a9c186d180372e992d |
| SHA1 | d3f93c5db0aa41589e9d525624ff518c9343b459 |
| SHA256 | 035328de83fba90fccf87a4c8ba797fd4f841b08a7b5cdd8cda582a396daeb86 |
| SHA512 | 2934d2de8cd9fbe94b0b179d7a460c2e671f726c1f93e3a04cef15c52ee437f6c3810c2402caace0fba2225f1d727dd3178630ddde83c51b55a3fae8b49d3637 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012
| MD5 | daf4bc548bc47e46ac4221c35e57b3e6 |
| SHA1 | 232e6919b20457c5564cfb4d5510582a15073b27 |
| SHA256 | d2efa5f3652a92740b4f9349f4fdcfa550c0564f99c8eec357518b6ae8c9ebae |
| SHA512 | 45125729ef6cc2fe403545f096872b0470be4d932da283aa708ff9323fa0da18157b586efe7243aaa30480c0d7d2bd0606ce78644beae976ca81c350e134ff36 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013
| MD5 | d285b525b70a051564f76ca71504e368 |
| SHA1 | 333744cde9de37b4936c98e90f5a38b1d90af845 |
| SHA256 | bce39f57831630e2ac08ef2cc9bcb6cf6395149ebe4c487bd136cf8881591637 |
| SHA512 | 5739f18afd9c2f07723e4e1ed9526d90ac2e541284a57efc51b464e0eb3f9ac7ebb58304d453d300e98110efb881ef0d3f8673847f01162bca0b02290c1cdfdb |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 8746dc6f6cdd22e6fe10841ba5f310d5 |
| SHA1 | 039cc20b2362a37080f6f47c3b487693eab29f82 |
| SHA256 | adf4a67f2278e4c3a27abe01295c91a0e3cc9c022b55dade042591c83307af09 |
| SHA512 | c022d73093e69d420ed5fa3b02fd39f2310cd42fb1bfae79746599120e4532d55568b8a562c88f010d55ec1343b09b43a3d584ccd191f9c619f2bc8a4956adc7 |
memory/5080-13489-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/5080-13491-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/5080-13490-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/5080-13492-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/5080-13498-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/5080-13497-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/5080-13496-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/5080-13495-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/5080-13494-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/5080-13493-0x000001F680AC0000-0x000001F680AC1000-memory.dmp
memory/8888-13499-0x000000006ECF0000-0x0000000070031000-memory.dmp
memory/5324-13500-0x000002767CB80000-0x000002767CBEF000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | a500e5a99f7233c0bd62d89319961245 |
| SHA1 | 733f9eaa289166266024f9e83d8db94027c9e084 |
| SHA256 | 1660b16393498a650cee8b1f9844775519c2dec965d85a8a13c1b49a5fd0cfb2 |
| SHA512 | 1133bc74b7b7fd04a556de33788c3ffdbaa4b9fda9e67406db1a1c7cfc8833186f96c541ae30308d22662437d6e6263a5e0a2d99700cbbba63807f78af0be2ef |
memory/6192-13512-0x0000017B211D0000-0x0000017B2123F000-memory.dmp
memory/8888-13513-0x000000006ECF0000-0x0000000070031000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 72a7e53732f2b74115b1cd3629d53842 |
| SHA1 | 0eb9b839a279a90fefff0ce2cb9164e1dd0cf226 |
| SHA256 | bedcc5d0249143d7ed9d93bbbb8a3544ec5d69dc4e0bdebab63c06fd3c51b47f |
| SHA512 | fbf9d6c9d443ca15126de2f6ce1ca93595514d44682ab19d630f83861ba0486436d0da21f1439f3e92c9a376ea16f4edb85a7358d042ce03e9a77861d13dc235 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | e68edfee793aec86ac3faf3c7f972ed5 |
| SHA1 | a8b222457bfa4af5449586adc8fb82b6f2ef373b |
| SHA256 | f058c03d7c7a731baaf64b3e9f1be48f817f994bbc201fd3a1746584dba827d9 |
| SHA512 | 7a2387ca7749989e17e608fb1630ad9a339115b9e088246e330f4c9740d6c5fbbc509284ede303c4440efce4026edd494e3b10b41d3a1039d805702066264e9f |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 25d0d3a25d54fda56d4c680e6ac96112 |
| SHA1 | ae70e6cab81b595696321c4e96fb16a369bd4710 |
| SHA256 | 8806c41873ff6d7fd5c029122861724ec77115e98f39e9f0375ea429e9e3ac3d |
| SHA512 | c8b054f979b80cb9fc40f8db8cbe8b8998945488b744093c7e8858134f2a3b69118ceb0ca02d7dbe2076745962e1d1dc872afdb6fd89477b1492d15cc0c0977c |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 6a9e10cdcf67df9304acbf51c51df5c4 |
| SHA1 | 5973c17c85fb0b68e715b03983cf99feffd0c5e2 |
| SHA256 | 9a5081cd86419703814ca2f2ef51bde952701e6e2dc962a9847f620532354ccf |
| SHA512 | 900bea0ad344703f1a24b566c19b4e051e727cb799987de1d4a11026e2b3ea3ac8d943b7931cbe33cf2d25b94ec6b745e68a24088f6d91f928a37193c418da08 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
| MD5 | 016134d49423b0f722c5ab29e800589f |
| SHA1 | b1f6512f6c8bd47a554ccbef3a41663e47fa93a3 |
| SHA256 | 2f0e8649abed82b4173b7b1db2c7f3b031cbeb1c0b70bf19ae071b97d870c363 |
| SHA512 | 7a0aea7b1ed56bd6382315dba0f1be0154a9e3dd407ffb920bef4195560589afe77e2a8314096df314bf86ebed6d3b9ebd949a003b91ab369b7bcdb65fb2c218 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | 79f88184ac94352e16a0964fea8c4be2 |
| SHA1 | 551755cbf85ddd16390e39f11da6a24c940c629c |
| SHA256 | e85234ed5a62b584c31e5679172383874c931f5c6b5ab1641ed78e2d348d1631 |
| SHA512 | abee41b82e9905b39fe3c46691ffb687720ae00dd2015246dd906ccefbb4a476cbb8c79078fb1fb3126a63b5b85af0bdffb84276c5a1bb3c2bb2795ef7dd7552 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | 0cd9778046b36d2c9aa98223ac89e35c |
| SHA1 | 67650a6a8a54b409f0e5f05b3bb453d912f20c35 |
| SHA256 | da091b11f0f88bdc1658449a6ff5897ad1a018bafb3fc26ab56a2e9a035c8b6a |
| SHA512 | 6385709a9dd657c812850d86312da2382595698382fbc032a2b442f14a4820c258446d3cbf5d637a3f461d2c422dead23eaa8c7c536d029e3e9eda2b6755ab10 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 9dcf332856e2c66a33b81ef7af76c758 |
| SHA1 | c6feafafc92ccc1576aad4d49f1e586685f6e8dd |
| SHA256 | f67eef96c9d7b1e5ed9ceabff3e6097884dba46bf354a6c16c7d8fea5ab19140 |
| SHA512 | 6a02d0dc9652d34438ef07d255796657673273b5ed35b15e92e856e7923600cf4736653397fa8e1488e18381ad4c3a79b1e3288e110979a79a750eb07a75542b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | 51aa7436d49f76eedb96db2df90ca7a6 |
| SHA1 | eeb26f3051e06ce5d8f7b9471ab3d0744abe9964 |
| SHA256 | 2d67b7d7584f95045ed004256de0becc0a5c8235b48c322f6f0ab6a680eed963 |
| SHA512 | 2c6407733d5c149622f348a9cd2d650c4a8ac0bb8aea840c52ddf85cf30a9cc043225d8152b46120bba7778cdad30dd1c00df6cbe4276699b5468c2daf4fced4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ff1e45397f71872e14db1f40e8b55ff2 |
| SHA1 | 2704db14aebd6beaa58229bf7be43e9b0a87405d |
| SHA256 | b5dd30f259f00fa07f06048cac29dab14e69c7b6b185f00cbeca7be6b4258b1d |
| SHA512 | a0feae72c270122af4f367b272aa1bd39e6adb030d346c6801029f9f9d04a8b4c7a988be3f45a4f9c1780003dd3c720b8ef757d6ec94b6d864a44376bc85e227 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6df9e217cb795d2ddb62a9cd8f3fd32 |
| SHA1 | 0b701bf98684a6ea03a7757efbd72a4ec4d26ef4 |
| SHA256 | dfd7b30fc18ace73e689fc273fef8c89e4062ddfefa697488391f3dbe7dfb4f7 |
| SHA512 | 0e8575e0c78a3719e0ddf39c02677f9023da5bd9df23d9389c05f31c3d657b768863aa214e43f11b466b717a18d21bc7e26decfcf5b66d777bc24588538fd29d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c7b15aeb084f3e30452317ce7227b757 |
| SHA1 | 4c6464ef13317ba5ce9fe7dc21616d6776b6b076 |
| SHA256 | 43276347892b1e2063be34916c6408e6ffb2aa040845972b4a8b8704e292a3ea |
| SHA512 | 62c333f5d5fac5cfa491c1df67a244f08ddc4b894b6dda9c02cd0201408f7929317eaf693e8851e58a6684c5b5b6ff2af8e8ce84ad78eaf08873161f0e9a59c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 75debce12849387d11ebb20576fe85c2 |
| SHA1 | a9efb07d9af1d7e6a1594e432aa4b8bb6e197fbb |
| SHA256 | d2e650078e2136ab4b2ba9a7035d6723de1c3b90683c30ff547660118e55a40c |
| SHA512 | 305132caaa234a6ababd04d855f541121ba33295b2fee5c02c1c9e808e073862a7251a1e0b906b89af388eff9c4a5076cca8e27bfadfae3710f3400fec754b9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | add54afa80c695f7c09365b48f05fe5a |
| SHA1 | 70b09d7b1115a17181516895721748fba7c4b38e |
| SHA256 | d915a3f58ce503288ec956c2521183e1617ad1a102bc834bf6fd70b4cf97bbcf |
| SHA512 | 788c4356e57646c240130b4eb1d335877121900e25ecb8f1eb955dff50a52c201e3c021201aa3459f2e6041061ff8494f389877ad021a3a6b9982d2a6126fc4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fe5a34ca4afdda9dadf123a778f8087c |
| SHA1 | e17842b9c8f9b52b719998f4e36690ef93f4ec69 |
| SHA256 | bc8d844f3a61cacffe416dc94a764578980134aff82527dbab622f8a74e1c63b |
| SHA512 | e50e49fd0a891d89ccacc2ece7097a452c900fee559c7a29e3a5e5822878e246431c915e5f396756702d53a9048aaf895d799acfbf59e55c4380333fd53d6591 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a9ccf8669073c1d00c33177ca3b4805f |
| SHA1 | edfcc1b5824bcfefb9a00b8c5dc464418453cd77 |
| SHA256 | 05213a084080e9399a6470afdaeec450ed3bdaaaf39bc8b43b21db453658fcd1 |
| SHA512 | d8d112307fc6c9b98c0c7f843feedede76e9b4d72c295c9bedfb3d00edbfc5e35c76ea8b40811e26751580f276f625b48c38234f1dd47053be6050826468b7cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e230489918a3f1bba099a355a64ed1e3 |
| SHA1 | 76d690fc554e354bd920d5098d3edd00b1698a21 |
| SHA256 | b59d49279d70bbadbc9c2052d65504eee55d4b8512cfa587262e0db758e7f3cb |
| SHA512 | b5306aed1adda9d2642eda624b63e5495ae47c4b3e34b21dd2397816429202b09b6fa2192334bf3441520045db70e6efd051814553c44c3837bcfa127d636e91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0c77bd4c6ad738d6c4d701260e247af4 |
| SHA1 | 3414f03ffa7a1e9ecce8290c43f1562905af6b7c |
| SHA256 | f726062b473b5a09f3c8197b485fda6cc57792848ef6cb1155d61a6f6f33d9ad |
| SHA512 | 8f46eaad05e447ed2cc50e4d1d42d3445e35025817f7a189cbc6a483e1348097f1265bd5988407ec469138380bcd8c6252ff78f2a8bcad3a65b5553d0a1da55a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e501eb3781ad92870716a182348258cd |
| SHA1 | fc4c62565d72730fd8d2ffbabe6ab909fcadb059 |
| SHA256 | 75a84ea78a41829d69800af4b89b21127fadce5e27ebf2166b6f0c8f67b66f71 |
| SHA512 | b0300c0b620051d9bda8e5ec70ec838d483bc1c2a2d3f4c3ffe2cf70557edea0ef2441b8355f026cc46ec5e7cc0753e271c4da8eade228affe56c56c9e9e8ffe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dca600196d734ce267eb32ee1cedca25 |
| SHA1 | 3ed74a3d10e0ef2080a90f1aafa0536dbe5d2e22 |
| SHA256 | 08e42e40872a2ba662bc741893c9f76e9dfaae142a429e70b177138371b42496 |
| SHA512 | ca7dba71bdd26e4ff0966280862abb4c533109871abcd5adc70146797c9cbd0d33f95bcb0de755575613b13e889441021bbf05fd11cc49ad54b8f50e3f7d5957 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7764d295-6fc8-42b9-a4ea-9d3a8b1cb3b7.tmp
| MD5 | 3e0d37656146b5d2ca6740866eba806a |
| SHA1 | 8221ae1509def5bb385d88156e1b04e50a18d9db |
| SHA256 | 3b56cc9116b2f3d77ff8a80e92fe766e931a16e396c6c1eb13d2d8dddda52b75 |
| SHA512 | 0ebb9d3d66a0f349d72ae4bc317ffe631f6332b8febff89ab43550b1fbd835043d55e7ee1cef8d80aed860c07c65aeeb801b42113bb2ed42e2d671922b24bae6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09c65db1bb6812c56f9cc618013ba6fc |
| SHA1 | 7c1dc96b8ca3ba8707fc1e120566ce5034e9bad6 |
| SHA256 | bd0886ce6186efbc5ca4eca61d4e409a40bfde67284ffe57fbc697871d493508 |
| SHA512 | c6b8e359bceefe0ac6bab95b1a2bb4c5e2dc36bfc9d0f22b4d5078a8ed61fdf74cde1b10036a7b385bed0c016439afb2509253e98c92b6f7114d2886f7f09135 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ede6b87e2c865f62d25ff0d4b22298d7 |
| SHA1 | 9ac02278b954409a1d413bed67b52b49283651d3 |
| SHA256 | 36106cf76a1d578e2fb8a8c4a27faddee9196b8bb35cdae3010fbe4dcf0e5dbe |
| SHA512 | ee9ffae86f1ffe1e1a89b9adeb55b610ef3e8461796de2b41c2bf507db184799d36cddc63c207ccadcfb560f153978c581751f95a1e09832ffdc85f95eee714d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 28dec76a9d25a8257abd9e52f75b0e07 |
| SHA1 | faf73c192c751565eaed8d510adb53d1c4be2bf6 |
| SHA256 | 24f979e542da4038de4cd9d2a81e91494e83445c805a3d61ee5b0a385b7bd6af |
| SHA512 | fb0af8c310cca08b1008a5c60a136a79f2ad7e893718ec6b680ad5292f57b87a4d8fd33dbd03f568dfa1f3c1952ea316300f329613d127f9e7398c549965fb7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4186d840150f5ff643376fd40d10e835 |
| SHA1 | 0cfa2f03831e3d2b2f0318338d6652763aa2cc26 |
| SHA256 | d8b9f8ec44356f115c098ab0ca67ca345ad2d09a14c5dd6db8d9423ddf4bd098 |
| SHA512 | c7a971b82adb4439fa9955486d0c6c180bc2e5ac3df2193ff403e28447ed83631bb89563378e08d2516247ceb3a538e2d9b6ccbbe8e58aa7019f2171665cbd76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 605a177e3bb144a316bd92adcce4ea7b |
| SHA1 | f5861774f605c2acc60ffb4d889d3a9596ae99b3 |
| SHA256 | 4e65a9e9f2266cbbd67d9344917fbd8e3e6a0b07bf27281724ad12b4130ab555 |
| SHA512 | 0473ecaeafe2ac7a90639f311c4a02d1ae1da40d99f686deb5cc824ee6b61403843d1ce0f270a02a22762f560f48c2e3575196c36628009336f7efa49bc57b72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a6de53594311be4d40d02861bffbb653 |
| SHA1 | 47b257e70879a3356be6b2249bcde4ad83f330df |
| SHA256 | 31f6eb2cc8404239ebc1d0e0f566f0d31e6c6e4677cd66a083641f7834ac7e44 |
| SHA512 | 208566354bcbeff97f357db82d200c2fb1bd8859107658e95a5f37f01b3be45f288fc19404d9f002d6eebe53d779e3b34fad188ae6bd8b3f499f7a39c035b112 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1222eddcc98945051a63c79b6eb4f058 |
| SHA1 | 2b524808643bc3251d60e5316fcb1c9f5b987260 |
| SHA256 | 7bf272153b7ea4662a1567d9ecb238f4c82db7744a9d9bfd5abc16dfbf0bf9d2 |
| SHA512 | 3b75e892c4ffc29532aad619141c18530378ca73830a1a0d3fd6c2590ae69d0623f72afe36d90107bbf72ecb42fd755e47bc15a555415db93a2cc094cfb4f0a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ca8dbd65322ff99a57b90deddafbbef5 |
| SHA1 | ab6558bc6bfebf8e94cf3082893f6c616d8197bd |
| SHA256 | 1a3282659d54f351d20840839794e8898002eb839cd5a2c3d14bff04c55e3ca4 |
| SHA512 | 126655736baab4e949ed51594f15ab17d03f60ebfc2d852207e8a515bc5b98b23841d81aec9c8cfedd13e45eb63b91698067a6dfcee5d1be5072a696d3324138 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e1a6d3becad24d1826a708bd7268d990 |
| SHA1 | 1f53ac38d9de484903db08271a112b0b8aaab80e |
| SHA256 | 9ca5a7f568729b3eca6d910f047d0325c39e45b631b5e1dcab8c7815796dbbd3 |
| SHA512 | 4170716cd66d57a13f2d6a744531b25edb569bd872d7298320844a8ef8e1630d5784244d9656d7cb1312ee141945a5d2864054eb47e7274c3f0814243bda7268 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 57708246b43459622dace81e10f5ff37 |
| SHA1 | 71404340b1bbe1f9cb4ddef8c032b0d2e5d15221 |
| SHA256 | 22b73a71a4ee36f447cce56b43da7cd5d52698398e1b7e5de433cc25a45e9561 |
| SHA512 | 15565df00384ec9e520a7b07a6365cba711fed70b26b5b7d73493fe5f5f3602e159851dd37a143d4172841183e3ef355f89121ec60c4048abd9c117ddfc64711 |