Malware Analysis Report

2025-01-18 23:51

Sample ID 241114-1qe4ksxkhq
Target https://cdn.discordapp.com/attachments/1256902874084933714/1306737952679788726/SteamtoolsSetup.exe?ex=6737c20d&is=6736708d&hm=05030b0bc27e7574bd1b3daa017ab26c2a63354fd5eda9c6cb132f8379c39a0c&
Tags
steam discovery persistence phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://cdn.discordapp.com/attachments/1256902874084933714/1306737952679788726/SteamtoolsSetup.exe?ex=6737c20d&is=6736708d&hm=05030b0bc27e7574bd1b3daa017ab26c2a63354fd5eda9c6cb132f8379c39a0c& was found to be: Likely malicious.

Malicious Activity Summary

steam discovery persistence phishing

Downloads MZ/PE file

Loads dropped DLL

A potential corporate email address has been identified in the URL: Montserratwght@300

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Checks installed software on the system

Detected potential entity reuse from brand STEAM.

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

NTFS ADS

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Kills process with taskkill

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 21:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 21:50

Reported

2024-11-14 22:05

Platform

win10v2004-20241007-en

Max time kernel

855s

Max time network

855s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1256902874084933714/1306737952679788726/SteamtoolsSetup.exe?ex=6737c20d&is=6736708d&hm=05030b0bc27e7574bd1b3daa017ab26c2a63354fd5eda9c6cb132f8379c39a0c&

Signatures

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: Montserratwght@300

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\SteamtoolsSetup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamtoolsSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamtoolsSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\program files (x86)\steam\config\stplug-in\luapacka.exe N/A
N/A N/A C:\program files (x86)\steam\config\stplug-in\luapacka.exe N/A
N/A N/A C:\program files (x86)\steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\program files (x86)\steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\public\steamclean_korean.txt_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\broadcastviewernotification.res_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_subheaderright.layout_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\PayPalReceipt.html_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\gameoverlayui.dll_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_ukrainian.txt_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_swedish-json.js_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_button_x_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0304.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0337.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0528.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_l4_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_button_share_lg.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_minus_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0334.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\cropped_controller_config_controller.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l1_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_right_sm.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\settingssubstreaming_advanced_host.layout_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\MediaConfirmationDialog.res_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\am.pak_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0524.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_left_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_officerStar.tga_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_touch_lg.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_button_share_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_down_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\1493710_icon.jpg C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\radSelDis.tga_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\mini_shrink.tga_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_lstick_left_sm.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_down_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\1391110_icon.jpg C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0313.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0302.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0304.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_polish.txt_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_dpad_right.svg_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_l1_sm.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_button_steam_sm.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_banned_tchinese.txt.gz_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0190.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\x86launcher.exe_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_button_options_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_button_y_lg.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_x_lg.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_button_plus_md.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\gameproperties_betas.res_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\steam_monitor.exe_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_touch_sm.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0337.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\cloud_cloudfiles.tga_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\inbox_item.tga_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_button_x_sm.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_lg_sm.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\1042420_icon.jpg C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0311.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0080.png_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\Steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\icon_cloud_disabled.tga_ C:\Program Files (x86)\Steam\Steam.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\program files (x86)\steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\program files (x86)\steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\Steam.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\program files (x86)\steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\Steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\program files (x86)\steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\program files (x86)\steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\program files (x86)\steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\program files (x86)\steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\Steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\program files (x86)\steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\Steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\Steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\URL Protocol C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\"" C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\"" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\URL Protocol C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open\Command C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\"" C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\"" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\steamlink\DefaultIcon C:\program files (x86)\steam\steam.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\Steam\Steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\Steam\Steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files (x86)\Steam\Steam.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 559540.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 739346.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe N/A
N/A N/A C:\program files (x86)\steam\steam.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\Steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4856 wrote to memory of 1668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 1668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 3936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1256902874084933714/1306737952679788726/SteamtoolsSetup.exe?ex=6737c20d&is=6736708d&hm=05030b0bc27e7574bd1b3daa017ab26c2a63354fd5eda9c6cb132f8379c39a0c&

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe485646f8,0x7ffe48564708,0x7ffe48564718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8

C:\Users\Admin\Downloads\SteamtoolsSetup.exe

"C:\Users\Admin\Downloads\SteamtoolsSetup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13700" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\Steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x280,0x284,0x288,0x27c,0x28c,0x7ffe3775af00,0x7ffe3775af0c,0x7ffe3775af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,388389456530735768,2113704792001257085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2200,i,388389456530735768,2113704792001257085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2204 --mojo-platform-channel-handle=2196 /prefetch:3

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2d8 0x3d0

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2768,i,388389456530735768,2113704792001257085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2776 --mojo-platform-channel-handle=2756 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,388389456530735768,2113704792001257085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3168 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=3832,i,388389456530735768,2113704792001257085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3836 --mojo-platform-channel-handle=3828 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=3820,i,388389456530735768,2113704792001257085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3984 --mojo-platform-channel-handle=3828 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4104,i,388389456530735768,2113704792001257085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4112 --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4524,i,388389456530735768,2113704792001257085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4536 --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4540,i,388389456530735768,2113704792001257085,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4508 --mojo-platform-channel-handle=4672 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\SteamtoolsSetup.exe

"C:\Users\Admin\Downloads\SteamtoolsSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /IM Steamtools.exe /F

C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

"C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe" -- "steam://launch/2211170"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,1563389715031943597,16054012618937488621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7180 /prefetch:8

C:\program files (x86)\steam\config\stplug-in\luapacka.exe

"C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Downloads/252490/252490.lua "C:\program files (x86)\steam\config\stplug-in\252490.st"

C:\program files (x86)\steam\config\stplug-in\luapacka.exe

"C:\program files (x86)\steam\config\stplug-in\luapacka.exe" "C:\program files (x86)\steam\config\stplug-in\Steamtools.lua" "C:\program files (x86)\steam\config\stplug-in\Steamtools.st"

C:\program files (x86)\steam\steam.exe

"C:\program files (x86)\steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13028" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x270,0x274,0x278,0x26c,0x27c,0x7ffe490daf00,0x7ffe490daf0c,0x7ffe490daf18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1592 --mojo-platform-channel-handle=1572 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2328,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2332 --mojo-platform-channel-handle=2324 /prefetch:3

C:\program files (x86)\steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2812,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2816 --mojo-platform-channel-handle=2748 /prefetch:8

C:\program files (x86)\steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3180 --mojo-platform-channel-handle=3172 /prefetch:1

C:\program files (x86)\steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\program files (x86)\steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3884,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3876 --mojo-platform-channel-handle=3640 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4100,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4104 --mojo-platform-channel-handle=4040 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4448,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4364 --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4604,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4596 --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4748,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4752 --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=4712,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4696 --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4536,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4540 --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4140,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4212 --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4200,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4488 --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4756,i,6797471224410003477,14827316416147660450,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4784 --mojo-platform-channel-handle=4768 /prefetch:1

C:\program files (x86)\steam\steam.exe

"C:\program files (x86)\steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=14020" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x270,0x274,0x278,0x26c,0x27c,0x7ffe490daf00,0x7ffe490daf0c,0x7ffe490daf18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1592,i,6152598711377456260,4047307348888950059,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1596 --mojo-platform-channel-handle=1584 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2368,i,6152598711377456260,4047307348888950059,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2372 --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\Steam.exe

"C:\Program Files (x86)\Steam\Steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2764,i,6152598711377456260,4047307348888950059,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2768 --mojo-platform-channel-handle=2020 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 43.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
GB 95.101.143.202:443 www.bing.com tcp
US 8.8.8.8:53 202.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.195:443 th.bing.com tcp
GB 95.101.143.210:443 r.bing.com tcp
GB 95.101.143.210:443 r.bing.com tcp
GB 95.101.143.195:443 th.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.2:443 login.microsoftonline.com tcp
US 8.8.8.8:53 195.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 210.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
GB 95.100.245.51:443 store.steampowered.com tcp
GB 95.100.245.51:443 store.steampowered.com tcp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 51.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 52.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
GB 95.100.245.51:443 store.steampowered.com tcp
GB 95.100.245.51:443 store.steampowered.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.135.98:80 r11.o.lencr.org tcp
US 8.8.8.8:53 52.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 98.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.134:443 aefd.nelreports.net tcp
GB 2.19.252.134:443 aefd.nelreports.net tcp
US 8.8.8.8:53 134.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
GB 2.19.252.134:443 aefd.nelreports.net udp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 52.195.101.151.in-addr.arpa udp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 test.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
GB 23.73.136.105:80 test.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 105.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
N/A 127.0.0.1:59571 tcp
N/A 127.0.0.1:59555 tcp
US 8.8.8.8:53 cmp2-dfw1.steamserver.net udp
US 155.133.253.52:443 cmp2-dfw1.steamserver.net tcp
US 8.8.8.8:53 cmp1-dfw1.steamserver.net udp
US 155.133.253.36:27018 cmp1-dfw1.steamserver.net tcp
US 155.133.253.52:27018 cmp2-dfw1.steamserver.net tcp
US 8.8.8.8:53 cmp2-lax1.steamserver.net udp
US 8.8.8.8:53 155.143.214.23.in-addr.arpa udp
US 162.254.195.75:27018 cmp2-lax1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 88.221.135.115:80 e5.o.lencr.org tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 88.221.135.98:80 e6.o.lencr.org tcp
US 8.8.8.8:53 cmp1-lax1.steamserver.net udp
US 162.254.195.69:443 cmp1-lax1.steamserver.net tcp
US 162.254.195.69:27018 cmp1-lax1.steamserver.net tcp
US 8.8.8.8:53 cmp1-sea1.steamserver.net udp
US 205.196.6.132:443 cmp1-sea1.steamserver.net tcp
US 205.196.6.132:27018 cmp1-sea1.steamserver.net tcp
US 8.8.8.8:53 52.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 36.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 75.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 115.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 cmp2-sea1.steamserver.net udp
US 205.196.6.133:27018 cmp2-sea1.steamserver.net tcp
US 8.8.8.8:53 cmp1-ord1.steamserver.net udp
US 162.254.193.103:443 cmp1-ord1.steamserver.net tcp
US 8.8.8.8:53 cmp2-mad1.steamserver.net udp
ES 155.133.246.52:443 cmp2-mad1.steamserver.net tcp
US 8.8.8.8:53 cmp1-atl3.steamserver.net udp
US 162.254.199.165:443 cmp1-atl3.steamserver.net tcp
US 8.8.8.8:53 69.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 132.6.196.205.in-addr.arpa udp
US 8.8.8.8:53 52.246.133.155.in-addr.arpa udp
US 8.8.8.8:53 103.193.254.162.in-addr.arpa udp
US 8.8.8.8:53 165.199.254.162.in-addr.arpa udp
US 8.8.8.8:53 p2p-sea1.discovery.steamserver.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.134:443 aefd.nelreports.net udp
US 8.8.8.8:443 dns.google udp
GB 172.217.169.46:443 tcp
GB 74.125.97.72:443 udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 72.97.125.74.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
GB 216.58.212.227:443 tcp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 p2p-sea1.discovery.steamserver.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp
GB 216.58.212.227:443 udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp2-fra2.steamserver.net udp
US 8.8.8.8:53 cmp1-fra1.steamserver.net udp
US 155.133.229.20:27019 cmp2-fra2.steamserver.net tcp
DE 155.133.250.4:27019 cmp1-fra1.steamserver.net tcp
US 155.133.229.20:27024 cmp2-fra2.steamserver.net tcp
US 8.8.8.8:53 cmp2-fra1.steamserver.net udp
DE 155.133.250.20:27024 cmp2-fra1.steamserver.net tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 88.221.134.89:80 e5.o.lencr.org tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 88.221.134.137:80 e6.o.lencr.org tcp
US 8.8.8.8:53 20.229.133.155.in-addr.arpa udp
US 8.8.8.8:53 4.250.133.155.in-addr.arpa udp
US 8.8.8.8:53 20.250.133.155.in-addr.arpa udp
US 8.8.8.8:53 89.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 137.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 cmp1-vie1.steamserver.net udp
AT 146.66.155.84:27018 cmp1-vie1.steamserver.net tcp
AT 146.66.155.84:443 cmp1-vie1.steamserver.net tcp
US 8.8.8.8:53 cmp2-vie1.steamserver.net udp
AT 146.66.155.85:27018 cmp2-vie1.steamserver.net tcp
US 8.8.8.8:53 cmp1-fra2.steamserver.net udp
US 155.133.229.4:443 cmp1-fra2.steamserver.net tcp
US 8.8.8.8:53 cmp1-sto2.steamserver.net udp
SE 155.133.252.68:27021 cmp1-sto2.steamserver.net tcp
US 8.8.8.8:53 cmp2-sto2.steamserver.net udp
SE 155.133.252.69:27020 cmp2-sto2.steamserver.net tcp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
US 8.8.8.8:53 84.155.66.146.in-addr.arpa udp
US 8.8.8.8:53 85.155.66.146.in-addr.arpa udp
US 8.8.8.8:53 4.229.133.155.in-addr.arpa udp
US 8.8.8.8:53 68.252.133.155.in-addr.arpa udp
US 8.8.8.8:53 69.252.133.155.in-addr.arpa udp
GB 88.221.135.33:443 www.bing.com tcp
US 8.8.8.8:53 33.135.221.88.in-addr.arpa udp
N/A 10.127.255.255:27036 udp
US 8.8.8.8:53 clientconfig.akamai.steamstatic.com udp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 199.252.19.2.in-addr.arpa udp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 steamcloud-dub.s3.dualstack.eu-west-1.amazonaws.com udp
IE 3.5.67.221:443 steamcloud-dub.s3.dualstack.eu-west-1.amazonaws.com tcp
US 8.8.8.8:53 221.67.5.3.in-addr.arpa udp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
FR 13.249.8.192:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 avatars.steamstatic.com udp
US 151.101.3.52:80 avatars.steamstatic.com tcp
US 151.101.3.52:80 avatars.steamstatic.com tcp
US 151.101.3.52:80 avatars.steamstatic.com tcp
US 8.8.8.8:53 133.200.245.18.in-addr.arpa udp
US 8.8.8.8:53 90.193.84.52.in-addr.arpa udp
US 8.8.8.8:53 192.8.249.13.in-addr.arpa udp
US 8.8.8.8:53 shared.steamstatic.com udp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
US 151.101.3.52:443 shared.steamstatic.com tcp
GB 23.73.136.90:443 steamstore-a.akamaihd.net tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 151.101.3.52:443 cdn.steamstatic.com tcp
GB 23.73.136.90:443 steamstore-a.akamaihd.net tcp
GB 23.73.136.90:443 steamstore-a.akamaihd.net tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.134.89:80 r11.o.lencr.org tcp
US 8.8.8.8:53 90.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:443 dns.google udp
GB 95.100.245.51:443 store.steampowered.com tcp
GB 95.100.245.51:443 store.steampowered.com tcp
GB 23.73.136.147:443 tcp
US 151.101.67.52:443 cdn.steamstatic.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 147.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 52.67.101.151.in-addr.arpa udp
N/A 127.0.0.1:27060 tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
GB 95.100.245.51:443 store.steampowered.com tcp
GB 95.100.245.51:443 store.steampowered.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 shared.steamstatic.com udp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 8.8.8.8:53 client-update.steamstatic.com udp
US 151.101.67.52:443 client-update.steamstatic.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 88.221.134.137:80 r10.o.lencr.org tcp
US 8.8.8.8:53 update.steamui.com udp
US 104.21.30.139:443 update.steamui.com tcp
US 8.8.8.8:53 cdn.wmpvp.com udp
US 8.8.8.8:53 139.30.21.104.in-addr.arpa udp
GB 163.171.129.134:443 cdn.wmpvp.com tcp
N/A 127.0.0.1:53847 tcp
N/A 127.0.0.1:53849 tcp
US 8.8.8.8:53 134.129.171.163.in-addr.arpa udp
N/A 127.0.0.1:53852 tcp
N/A 127.0.0.1:53854 tcp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
US 8.8.8.8:53 new-service.biliapi.net udp
GB 23.73.136.120:443 steamstore-a.akamaihd.net tcp
GB 23.73.136.120:443 steamstore-a.akamaihd.net tcp
GB 23.73.136.120:443 steamstore-a.akamaihd.net tcp
US 8.8.8.8:53 120.136.73.23.in-addr.arpa udp
CN 116.169.184.177:80 new-service.biliapi.net tcp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
CN 119.188.86.133:80 new-service.biliapi.net tcp
US 8.8.8.8:53 steamcloudlondon.blob.core.windows.net udp
GB 20.60.166.65:443 steamcloudlondon.blob.core.windows.net tcp
US 8.8.8.8:53 65.166.60.20.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 88.221.135.25:443 th.bing.com tcp
GB 88.221.135.25:443 th.bing.com tcp
GB 88.221.135.35:443 th.bing.com tcp
GB 88.221.135.35:443 th.bing.com tcp
US 8.8.8.8:53 bing.com udp
US 13.107.21.200:443 bing.com tcp
US 8.8.8.8:53 25.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 35.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 200.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 steamdb.info udp
US 104.22.73.111:443 steamdb.info tcp
US 104.22.73.111:443 steamdb.info tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 111.73.22.104.in-addr.arpa udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 41.94.18.104.in-addr.arpa udp
CN 42.177.83.87:80 new-service.biliapi.net tcp
US 8.8.8.8:53 shared.cloudflare.steamstatic.com udp
US 104.18.42.105:443 shared.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 104.22.73.111:443 steamdb.info tcp
US 8.8.8.8:53 cdn.cloudflare.steamstatic.com udp
CN 123.234.2.61:80 new-service.biliapi.net tcp
US 8.8.8.8:53 clan.cloudflare.steamstatic.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 clientconfig.akamai.steamstatic.com udp
GB 2.19.252.202:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 202.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
CN 211.97.81.63:80 new-service.biliapi.net tcp
CN 101.68.219.60:80 new-service.biliapi.net tcp
CN 122.189.171.106:80 new-service.biliapi.net tcp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
US 8.8.8.8:53 vinoland.net udp
US 172.67.158.11:80 vinoland.net tcp
US 172.67.158.11:80 vinoland.net tcp
US 172.67.158.11:443 vinoland.net tcp
US 8.8.8.8:53 www.vinoland.net udp
US 8.8.8.8:53 11.158.67.172.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.200.14:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
GB 142.250.200.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 vinn-web-tools-dandys-projects-bb4af0ab.vercel.app udp
US 76.76.21.123:443 vinn-web-tools-dandys-projects-bb4af0ab.vercel.app tcp
CN 42.177.83.225:80 new-service.biliapi.net tcp
US 8.8.8.8:53 123.21.76.76.in-addr.arpa udp
CN 113.201.158.62:80 new-service.biliapi.net tcp
US 8.8.8.8:53 94he6yatei-dsn.algolia.net udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
DE 51.89.64.92:443 94he6yatei-dsn.algolia.net tcp
US 8.8.8.8:53 92.64.89.51.in-addr.arpa udp
US 8.8.8.8:53 tmpfiles.org udp
US 172.67.195.247:443 tmpfiles.org tcp
US 172.67.195.247:443 tmpfiles.org tcp
US 8.8.8.8:53 247.195.67.172.in-addr.arpa udp
CN 125.38.214.65:80 new-service.biliapi.net tcp
US 8.8.8.8:53 p2p-sto2.discovery.steamserver.net udp
CN 61.240.220.6:80 new-service.biliapi.net tcp
US 8.8.8.8:53 client-update.fastly.steamstatic.com udp
US 151.101.195.52:443 client-update.fastly.steamstatic.com tcp
CN 42.177.83.115:80 new-service.biliapi.net tcp
US 104.21.30.139:443 update.steamui.com tcp
N/A 127.0.0.1:53406 tcp
N/A 127.0.0.1:53408 tcp
US 172.67.172.248:443 update.steamui.com tcp
N/A 127.0.0.1:53413 tcp
N/A 127.0.0.1:53415 tcp
US 8.8.8.8:53 cdn.wmpvp.com udp
GB 138.113.149.153:443 cdn.wmpvp.com tcp
US 8.8.8.8:53 248.172.67.172.in-addr.arpa udp
US 8.8.8.8:53 153.149.113.138.in-addr.arpa udp
CN 106.14.24.113:80 tcp
N/A 127.0.0.1:53571 tcp
CN 106.14.24.113:9999 tcp
N/A 127.0.0.1:53585 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
CN 106.14.24.113:9000 tcp
N/A 127.0.0.1:53591 tcp
CN 119.188.86.134:80 new-service.biliapi.net tcp
US 8.8.8.8:53 test.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
GB 23.73.136.138:80 test.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.4.4:443 dns.google tcp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp2-lhr1.steamserver.net udp
US 8.8.8.8:53 138.136.73.23.in-addr.arpa udp
GB 162.254.196.80:27020 cmp2-lhr1.steamserver.net tcp
GB 162.254.196.80:27019 cmp2-lhr1.steamserver.net tcp
US 8.8.8.8:53 ext1-par1.steamserver.net udp
GB 162.254.196.80:443 cmp2-lhr1.steamserver.net tcp
FR 185.25.182.20:27033 ext1-par1.steamserver.net tcp
US 8.8.8.8:53 80.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 20.182.25.185.in-addr.arpa udp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 88.221.135.105:80 e5.o.lencr.org tcp
US 8.8.8.8:53 ext2-par1.steamserver.net udp
FR 185.25.182.20:27022 ext1-par1.steamserver.net tcp
FR 185.25.182.52:443 ext2-par1.steamserver.net tcp
US 8.8.8.8:53 cmp2-ams1.steamserver.net udp
NL 155.133.248.43:443 cmp2-ams1.steamserver.net tcp
NL 155.133.248.43:27018 cmp2-ams1.steamserver.net tcp
US 8.8.8.8:53 cmp1-ams1.steamserver.net udp
NL 155.133.248.42:27018 cmp1-ams1.steamserver.net tcp
US 8.8.8.8:53 p2p-ams1.discovery.steamserver.net udp
US 8.8.8.8:53 105.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 52.182.25.185.in-addr.arpa udp
US 8.8.8.8:53 43.248.133.155.in-addr.arpa udp
US 8.8.8.8:53 42.248.133.155.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.4.4:443 dns.google udp
GB 184.25.193.136:443 tcp
GB 184.25.193.136:443 tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 151.101.195.52:443 client-update.fastly.steamstatic.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 136.193.25.184.in-addr.arpa udp
N/A 127.0.0.1:53601 tcp
N/A 127.0.0.1:53599 tcp
GB 23.73.136.147:443 tcp
US 151.101.195.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.195.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.195.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 151.101.67.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
GB 184.25.193.136:443 tcp
CN 116.169.184.177:80 new-service.biliapi.net tcp
US 8.8.8.8:53 shared.steamstatic.com udp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp
GB 23.73.136.138:443 test.steampowered.com tcp
US 8.8.8.8:53 client-update.fastly.steamstatic.com udp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
US 104.21.30.139:443 update.steamui.com tcp
CN 106.14.24.113:80 tcp
CN 106.14.24.113:9999 106.14.24.113 tcp
N/A 127.0.0.1:53599 tcp
N/A 127.0.0.1:53601 tcp
N/A 127.0.0.1:54158 tcp
N/A 127.0.0.1:54160 tcp
N/A 127.0.0.1:54168 tcp
N/A 127.0.0.1:54181 tcp
US 8.8.8.8:53 113.24.14.106.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
CN 119.188.86.133:80 new-service.biliapi.net tcp
N/A 127.0.0.1:54190 tcp
CN 106.14.24.113:9000 tcp
CN 42.177.83.87:80 new-service.biliapi.net tcp
CN 123.234.2.61:80 new-service.biliapi.net tcp
US 8.8.8.8:443 dns.google udp
GB 216.58.212.227:443 tcp
CN 211.97.81.63:80 new-service.biliapi.net tcp
CN 101.68.219.60:80 new-service.biliapi.net tcp
CN 122.189.171.106:80 new-service.biliapi.net tcp
CN 42.177.83.225:80 new-service.biliapi.net tcp
CN 113.201.158.62:80 new-service.biliapi.net tcp
CN 125.38.214.65:80 new-service.biliapi.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_4856_ZFRIMMEAICKCQZVT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\59bfd046-51d8-4f1b-bf0f-acbf3062a90d.tmp

MD5 9985d6965fd4d93a3a7e549483b352aa
SHA1 1dfa4856269492c94cd7076e7ba4a1e184a067cf
SHA256 282bfdc28f92cdca9ef61c7e0857b0727440ce0a24b783ac4a450eaa182bfdce
SHA512 3b2c7bd3e7ee74f5fa222c8f0b27cc351eb25422ecd55ee00c0de8f3c4673b1cff0b790d1571b2696b9f089a736ca7d9467c8871fa224419df39e9b7d676897b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\Downloads\Unconfirmed 739346.crdownload

MD5 bbf15e65d4e3c3580fc54adf1be95201
SHA1 79091be8f7f7a6e66669b6a38e494cf7a62b5117
SHA256 c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304
SHA512 9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d31a5a7480d614be95cf999d963e5a3a
SHA1 80b53205e1d06c34ab5cefaf9aa15da0f21f7ece
SHA256 d1af66bb09a39e1f2b1e3caa603e1b54ccc3b6ca0b17a59a482054e3e1fd4208
SHA512 e04be1d4e214ec58e26f488cd69c468e6ddb8d522c2e44c375007721f6bd4a0b3d98ba2e942796bc973f83223270fa114e9afd870bec5281cea6adf06501553c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f2f78845ef1ef6736987ea316df43c94
SHA1 2effee602b7060d7699afba46b44a816cc7ee3dd
SHA256 5708c40b7aa50f292790576f5068a5af117d36235da98641524ae42d02c54e94
SHA512 0b2c99239db3fe8a3d35990932715d446752ecb57672ccf922227998e9840e8b67aa16e7cd819338531ddb411bd7655ce4e1445080cdb5cba87f2c01fd5f4cf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b96c7dffb6984376f73f3eb11af2f0ee
SHA1 f649eca4d6b9da3f07ec8a5f24c228cdc0d6a38f
SHA256 c00a67f0574f14d4019d8dc2f11a55a7966e1e9cb8ea1414a5b07d80d2b929b2
SHA512 f98a502dbd82c733aa512e026e66856b6260a4bb89e665eea2f9c85f0b300d391708072e4faffff7d52396f88eecf823fdfe84be745017d11d193ba11a63bb86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a2fc9ffa7053ad17ed447e7a2a7fed4e
SHA1 831a390bd2aa6e269787b648347c1e5f9076832d
SHA256 8c2a30ea8c9a8e902cc7984d5c62b10417e5a7ed25494894889b32623804430c
SHA512 31ce80ab9acc21ad1fa0a81185eafde741bab15e00062a2084ad40bcea1835a2083f71200812f083bca2e241f150fbfebc9ba9f6d1ecd2e92632261517a3d2c5

C:\Users\Admin\Downloads\Unconfirmed 559540.crdownload

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Temp\nsx1819.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nsx1819.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c33dd192fd58f37692904c705c99f391
SHA1 10e2756c94dbe122110558e1cf4c9fd0c8970a9b
SHA256 cde32fc17913acbff606995d7e5b110b1e664789239c5b36347cffe3d046958c
SHA512 1fb1cf838c5708420bff4ce2c6c44c54e0c08bbd609eae20ade0fbd0a66f819d5b8dd520cc10e4b6270844d8901f993855aecf644820fdf9bd07903425c3f926

C:\Users\Admin\AppData\Local\Temp\nsx1819.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 90ff152c339ad812163fbd33a66bce52
SHA1 a936f6feca96c32b5d2add7d22c0b23470fed478
SHA256 bfc663cedc63080ee9686beba17994f896ba51230dc33553661a740c63689265
SHA512 1f933eecd1714eeef0b09acf48fdd2e3ce50dfac90ec6b998c4a473707d71e4ee8510e1fe0d2fca6d4286071040fb5258e955b1ab6c63aa0197998c95d1675cf

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nsx1819.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Program Files (x86)\Steam\bin\SteamService.exe

MD5 ba0ea9249da4ab8f62432617489ae5a6
SHA1 d8873c5dcb6e128c39cf0c423b502821343659a7
SHA256 ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d
SHA512 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

MD5 b2248784049e1af0c690be2af13a4ef3
SHA1 aec7461fa46b7f6d00ff308aa9d19c39b934c595
SHA256 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690
SHA512 f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

MD5 56dcf7b68f70826262a6ffaffe6b1c49
SHA1 12e4272ba0e4eabc610670cdc6941f942da1eb6a
SHA256 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f
SHA512 c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

MD5 e04ad6c236b6c61fc53e2cb57ced87e8
SHA1 e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4
SHA256 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e
SHA512 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

MD5 6367f43ea3780c4ee166454f5936b1a8
SHA1 027a2c24c8320458c49cd78053f586cb4d94ee6f
SHA256 f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998
SHA512 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

MD5 eb8926608c5933f05a3f0090e551b15d
SHA1 a1012904d440c0e74dad336eac8793ac110f78f8
SHA256 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04
SHA512 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

MD5 9b0b0e82f753cc115d87c7199885ad1b
SHA1 5743a4ab58684c1f154f84895d87f000b4e98021
SHA256 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32
SHA512 b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

MD5 58e0fcbee3cca4ef61b97928cfe89535
SHA1 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b
SHA256 c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425
SHA512 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

MD5 7913f3f33839e3af9e10455df69866c2
SHA1 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25
SHA256 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c
SHA512 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

MD5 202b825d0ef72096b82db255c4e747fa
SHA1 3a3265e5bbaa1d1b774195a3858f29cea75c9e75
SHA256 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314
SHA512 e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

MD5 7e1d15fc9ba66a868c5c6cb1c2822f83
SHA1 bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7
SHA256 fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265
SHA512 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

MD5 8958371646901eac40807eeb2f346382
SHA1 55fb07b48a3e354f7556d7edb75144635a850903
SHA256 b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585
SHA512 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

MD5 1514d082b672b372cdfb8dd85c3437f1
SHA1 336a01192edb76ae6501d6974b3b6f0c05ea223a
SHA256 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4
SHA512 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

MD5 18aaaf5ffcdd21b1b34291e812d83063
SHA1 aa9c7ae8d51e947582db493f0fd1d9941880429f
SHA256 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5
SHA512 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

MD5 189ba063d1481528cbd6e0c4afc3abaa
SHA1 40bdd169fcc59928c69eea74fd7e057096b33092
SHA256 c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695
SHA512 ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

MD5 5c026fd6072a7c5cf31c75818cddedec
SHA1 341aa1df1d034e6f0a7dff88d37c9f11a716cae6
SHA256 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382
SHA512 f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

MD5 10c429eb58b4274af6b6ef08f376d46c
SHA1 af1e049ddb9f875c609b0f9a38651fc1867b50d3
SHA256 a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13
SHA512 d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

MD5 9e62fc923c65bfc3f40aaf6ec4fd1010
SHA1 8f76faff18bd64696683c2a7a04d16aac1ef7e61
SHA256 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7
SHA512 c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

MD5 da6cd2483ad8a21e8356e63d036df55b
SHA1 0e808a400facec559e6fbab960a7bdfaab4c6b04
SHA256 ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6
SHA512 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

MD5 31a29061e51e245f74bb26d103c666ad
SHA1 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc
SHA256 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192
SHA512 f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

MD5 03b664bd98485425c21cdf83bc358703
SHA1 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb
SHA256 fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115
SHA512 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

MD5 2158881817b9163bf0fd4724d549aed4
SHA1 c500f2e8f47a11129114ee4f19524aee8fecc502
SHA256 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7
SHA512 f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

MD5 4c81277a127e3d65fb5065f518ffe9c2
SHA1 253264b9b56e5bac0714d5be6cade09ae74c2a3a
SHA256 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
SHA512 be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

MD5 0340d1a0bbdb8f3017d2326f4e351e0a
SHA1 90d078e9f732794db5b0ffeb781a1f2ed2966139
SHA256 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544
SHA512 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

MD5 66456d2b1085446a9f2dbd9e4632754b
SHA1 8da6248b57e5c2970d853b8d21373772a34b1c28
SHA256 c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4
SHA512 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ff37af3bd90ff2faed2ccd5a277e0189
SHA1 20dce765c188b3a3b51365e510e93d8f713aee0a
SHA256 287741b9ee79911ce89832b443960e0feffa929b124ed1e5db561d74a6b05a86
SHA512 42edff9bd3b9795d896593417f7d0ff9e0fba334b3cff4af7cd3fc4d4e840a1a02b383f931403c04b56f51a1d4cc2cb8ff13341b5cf28d42f8071c859517aa14

C:\Users\Admin\AppData\Local\Temp\nsx1819.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Users\Admin\AppData\Local\Temp\nsx1819.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6bbb76d6e8735eebe46a6ad94ab83412
SHA1 b968186364fc22f341cb6c54dad5038141403ca6
SHA256 d9c41d8fa9703ee61cadcdd8f2f2fa1587ddab52c95eb8e60447f94dc288f074
SHA512 2b54df56bfd077de6f188b093dde9187eacd8ae19f69fcc6fdf34a96fce2dd1e8febb80639e55b991b29a72755bd238488f6930cb2209d126505d56321e7cb29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bf6c9da79d6ba067b88ada4ba0065be1
SHA1 104d542f550c1abf349803c76c7cea9047fe9d1a
SHA256 efb3664c1dbdbb266ea0f91765a72ea9382cd8b6b48342e26d967ce15111eaea
SHA512 13b614d1f17146183fadec8e14ff492453a5cee0106981bacff41e2a4db1fcd21c340088ecd0d6b8d9b3243347d5e1e72dc9ebf2744ec0a9af0aed11d3b64687

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 14cfc64ff412f247d28db73f5ec47068
SHA1 147bb217725ee85e7fcd03e42bfc826a368dcbde
SHA256 6ab69a5f40d84b2d68a8d461499edd8c3a50227569e644f799c4706f9e05da33
SHA512 b732a2eb20f76677ea3f0743d474ee6f1d7ebf2e2b184184634655a41e28091a3119c2cae081326a493cdd17a72f3372907fe5e3afbce510608de73343f848fb

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\steam_client_win32

MD5 fe5170d0df394c0f68f44b56c5dd9954
SHA1 bd8b3761e204f4190120a2d0ba8111fa6d4b8007
SHA256 d9128bf6e56002320a8fde94681a3a4614b44a960d4b2578571deeac0b6a9aeb
SHA512 a91b3bc4d2dc3b258c5e12f946fcc2a1fb3f5d55d720c4b000c2c1a78c0f6497611ccc8c5d0d3ef2c6f96a933b0fb09c85acdc46acb47af31d143081811a4ce7

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

memory/2936-12694-0x0000000000510000-0x00000000009C2000-memory.dmp

memory/2936-12700-0x0000000000510000-0x00000000009C2000-memory.dmp

memory/14584-12741-0x00007FFE574E0000-0x00007FFE574E1000-memory.dmp

memory/14584-12740-0x00007FFE55A30000-0x00007FFE55A31000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Shared Dictionary\cache\index-dir\temp-index

MD5 dbab585ea953116c1838bf310031934d
SHA1 23b7cdc7cd1bc724b961a58c53ec0af2f97035d2
SHA256 5552a6a92f8c5ecab6feffcceaa98fb597068e0dff4fa186794ea2c5b4dcf8c3
SHA512 c848787c60459207c911a321b37648db04ee98f3ea156247d43557239a713e749c05c61e42328351ebfb1904aa405215be5213a309923adf12efdc9b54bad807

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Program Files (x86)\Steam\config\config.vdf

MD5 a2ec2e91c3ef8c42e22c4887d032b333
SHA1 e2c738a2e9400535b74e2263c7e7d1ecefe575f2
SHA256 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3
SHA512 b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

C:\Program Files (x86)\Steam\config\config.vdf~RFe5b6a20.TMP

MD5 6e6a2b18264504cc084caa3ad0bfc6ae
SHA1 b177d719bd3c1bc547d5c97937a584b8b7d57196
SHA256 f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53
SHA512 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

C:\Program Files (x86)\Steam\config\config.vdf

MD5 7476f85c2b7525522fbdf09a0fd26212
SHA1 09546ddd183a27a19718352b2128540e96222755
SHA256 e2c436064eee38e6c1eb75eedc2d5ab55332e14d25455165ee61296084025761
SHA512 9e5f5a2ba16651a828cfc16a08084f69e40980bb8d44d1424ee52ae1584b1da6afa01ea2abd4ed0882a05f7665093105c56bb5664020f8aac2567dba02034d33

memory/13700-12844-0x000000006ED00000-0x0000000070040000-memory.dmp

memory/14584-12851-0x0000023B9A490000-0x0000023B9A498000-memory.dmp

memory/14584-12852-0x0000023B9A760000-0x0000023B9A790000-memory.dmp

memory/14696-12854-0x0000013E5E610000-0x0000013E5E640000-memory.dmp

memory/14696-12853-0x0000013E5E5D0000-0x0000013E5E5D8000-memory.dmp

memory/13700-12859-0x000000006ED00000-0x0000000070040000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 8ccb5906a568038bd4f60d090c14b11b
SHA1 29d8b376c694fe2123e2abc33f7dfe0e7b1bc147
SHA256 9d7457caed45e03b1eee237cf2be04bd4623ffbc81b6e0fc2302c49bd9a53b66
SHA512 7f2899ccc58f4d14964e776b5323d8e1ec7c70c31dc76cb1986ad02fb7dd2e0de2dcd74f61c1a9940d7e7f3a6aab1cd98d38a3db7896fc42b1cf921a9af38d44

memory/13700-12876-0x000000006ED00000-0x0000000070040000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

MD5 602c49f9246967bdcff45b4f43cf2fb0
SHA1 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d
SHA256 a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114
SHA512 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5be607.TMP

MD5 68b20851ccb9834d21fb32615e42bd43
SHA1 88fab935f0b9484994097c08f785e9ecb7d68127
SHA256 a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f
SHA512 dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 3bdee379b97df1072e5a1d0c7c4321c6
SHA1 a50e46c32600baa1bb8bb6edf9d79eac7d575031
SHA256 7c4c94c5c88425a20683823d4e0095bc773c2054389e0105f380f09f2ec8a0eb
SHA512 09d2e946fafb1c517b801e775a1ef38324bd72cd9c76de4d6f74eb13308ee5eaa82b438ca9b50badc7e7f29036d5e4fd36d5a3e750228aa82b97d66550d1bbca

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5be636.TMP

MD5 cd83b5d73fdb1e62df50ff855cb75bf3
SHA1 16cb3caae7e2229018a4c56c6228546bfb05e5a6
SHA256 6ebf310a3176d470402adb513fd83a83641c37f873633b0b8f41e7c866fba23c
SHA512 eedfff3d4806879e340bf856dfdafed731b61458ae4bc5f4e5432733563f3ec60fcd39a174c468f98404a9e620150d6d9e6b45e3ae29fb76339d7e83ffa35926

memory/13700-12899-0x000000006ED00000-0x0000000070040000-memory.dmp

memory/13700-12904-0x000000006ED00000-0x0000000070040000-memory.dmp

memory/13700-12909-0x000000006ED00000-0x0000000070040000-memory.dmp

memory/13700-12915-0x000000006ED00000-0x0000000070040000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 6684155034d626bb1168447bc62ac37f
SHA1 9c23cbd1474189fa4f2b5ba42effbb8732b03b80
SHA256 548acf7bce168f382576bb4e41df994b6de22e1c31b652f99bf1323bee260375
SHA512 1c1fdbbc33e8bdcd3f1bbe2bb5d4e23807177da4f2a41f2500677596e06ec387f77b69da976856887e434f2bcc05c8b03d633df810d5d05cc4bb5498528f0979

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5c7007.TMP

MD5 83dddd4c04f3b15e2b802b67e1487f62
SHA1 575bc6b38860e4b373ed18586e2bd7add2d4a5ad
SHA256 b388d994204a1e22e0598f014e668554c8ae4a538b4bac99847db086419d8e3e
SHA512 fa912812465279bd3ae34dc34fb28d8030c581872121768dcb9ec635af0eefe58e5c56931f83eb630ed5147df623c767b284ac5813d6262b0cd528043c38d5c9

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 2ab5ffe04989c9dfb5b99d077706d99a
SHA1 d2c7f9b4c3531a83274df63375937d87be385f02
SHA256 fddbd393deefeccc93ce8a495f977cc91f9de455637c671843e8aa402380fd55
SHA512 38cc1be91017051f0bfdf21bfd4346e9ef2f23c3b5189fea148a8c822b5426221cd68e40c72398d4ca196a05ed3b52e628a87c12ac69b95ed77a66e9daf5254f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5c83ce.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/13700-12938-0x000000006ED00000-0x0000000070040000-memory.dmp

C:\Program Files\chrome_Unpacker_BeginUnzipping13780_903348521\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

C:\Program Files\chrome_Unpacker_BeginUnzipping13780_903348521\manifest.json

MD5 2ff237adbc218a4934a8b361bcd3428e
SHA1 efad279269d9372dcf9c65b8527792e2e9e6ca7d
SHA256 25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827
SHA512 bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

memory/18088-12963-0x00000183509D0000-0x00000183509D8000-memory.dmp

memory/18088-12964-0x0000018350CA0000-0x0000018350CD0000-memory.dmp

memory/13700-12982-0x000000006ED00000-0x0000000070040000-memory.dmp

C:\Program Files (x86)\Steam\config\config.vdf

MD5 f1f913e1b37292839f9eff928c58709c
SHA1 44e709d740c0d7ee4ffc89d53887e981b562fe63
SHA256 babc4714186be82b744e388d48c699d6fdca68d14db68f6666cd5a5a96cc4516
SHA512 d93ecfe728b7d1fcda08a5c8885acdbb25418a938cc132fceb511b02f6fd8077f3ba5e53b18dfb1432b060628928cebf3995b98d1434e9cd62fbb7665f54a804

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 d9cfacdb68c1af2b2adce8d2235a7568
SHA1 8a482a9b065f18e0d6e97be49eb1bafd23e04840
SHA256 e2a68665af42893cba5436f5f81168695edab6e504b644bee1254155708880c8
SHA512 0e4ce459aa063a0f7b07ed251b949dadb2f92b3198fc059ba0ffca334a99795d4addedc1d0063abb7fe3e71b6cebe3e910b115779c7d53f174dabd658470c109

memory/13700-13030-0x000000006ED00000-0x0000000070040000-memory.dmp

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 52d8f5ed90b6a49e0ac276aee9a45fda
SHA1 9e8cf2cf935668b1b06b3353136cfb0ff7be4443
SHA256 4128cd24119058cc20215871ed9d6198bf67156ca816d2b755331222f1e6f7b2
SHA512 452d9d8eed166d749e6202153c1c151eecda31741f2723c2d75ca92a643a1b03b7a016eb80bcef34ed62a368c03cfd45d83eb9c905485040832468c900f03cf6

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf~RFe5cea0a.TMP

MD5 7ce96f31457ea509bd34623cc6815361
SHA1 48fa93bf3c79542aad5714b9253d52a8fdfce041
SHA256 d90fd4c944b773fb2739354c035c3b4348c966728a3dd4d3d0ff005fb5c0acc1
SHA512 7bb87bf013a2508b275650db8e21ced145f5b74c9def3b500ed9e91799bc22e82f411c93837aca0f19ea80ac0f7080be66e117e47b4933a2c40a47f6ceed1152

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 8a59f9c5f5504274c9d5fd8118941262
SHA1 9d628213afc90fffece00d0ad5d594d628992130
SHA256 8ef6596a6e6c9c40fc9a51668f9f43d2f416974ce495f5c0e599c05cf174ad27
SHA512 7f6de7eaa0555678a22d829083205ccd29f9d6614d558a3f9f68bac034f67aa57c273875b2f5f1a8c6c04e4234ecde80243a3d0500616a6f33dea0cdde0913a3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 6a094b4f42edd1fe81a8c25b4fc3420d
SHA1 ff5ed326953c2b46091fe709d38f07a6bf64d9d4
SHA256 94ed0d55160889b061882ba86cb1ff8158047b645fcbf5beafb36782a1383b0a
SHA512 2604a1e5e82d2510ebe126e660e326be5eaf09800e374040532816786bc73e74158c2d75d5794cdc3b8627f207810b5833d4029b9ba3a35f2f0635175ccc8bac

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 f9bd98dd047cbc1ab6f5950441d3f8b4
SHA1 6a5469b899c66dcd525af73948aef9962a938030
SHA256 d5b95bf66e3714939e0aced8a7037226e21011f657b9229cbe6674c99b137907
SHA512 32dd4e54c7b23bc6c24f7de426899d831c55c68f456e71ee76eaea9f85277b38a7596d4d9dfe127d33d535e88d136395ea1e05852afb230684fa904445735dbf

C:\Program Files (x86)\Steam\userdata\1214517055\7\remote\sharedconfig.vdf

MD5 fa1befbc47f05f7067043849df33b888
SHA1 9052de89c1a2f0deb5a36330b2722d16ade52ccb
SHA256 daa3fa3ec27ccfd56539149180a99f570cd306f584884ee1c962a6f6f4df8368
SHA512 dabca2f5b8fe8a67412df26efbf5840d3c7c5e069532904677f389b19e18e32356b12a59522d99520c868d7af00afb651dbb0e75de44cd8664dcb0a58d31482f

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 9491d6223245b2740f93d7f0f9565541
SHA1 65a5581b40818ce81daabe3f49d4d1d8f2ecf903
SHA256 e755cf7551fabe331bd6d800676951b89738a13d2356942c35cd1ebbfc3b8504
SHA512 8990680bf2d59184770271fde561cd5ee6e07257b75b4396f9c4c8a01fb55ab3038550ed84cfb8d90a840e2fc83a8b6a14a3cf45421f5e7afc124650155344b9

C:\Program Files (x86)\Steam\userdata\1214517055\7\remote\serverbrowser_hist.vdf

MD5 20dceaaea1f4b32d98edde0878fd22c3
SHA1 08bdd59043f3828d9b7959ad3fbd3339535dfb02
SHA256 cb48a9abf88a52d81f7b9520b1d97896d4dd7c8a1ae15350c322c7654b781497
SHA512 667b912922df3e52031255ac21344372f8817401e2106b17291a5f1c6f98b0ebd1c4a40e35512900bd858f0daab729994bd9e7b2cbc53f5294bfccb46eae1398

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 79d39efd77414a08847370dffa34d216
SHA1 8f4c4ef444b308e07be321ddfcb1a53a8eaa60d3
SHA256 8b12fce6661fdbeaef469d444df33454c4638306e331f57a8390ba083ccc7551
SHA512 de51a7c8212bf2aa236d0ce000a4aea69107f11ca3e7cf1e1aebc0dc6b8b2643fe30dcf7cc4358e66b38c3b87bd9fc16d2c889b54ba2567617cc9dcff5115aa9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 c0af1396f240ac512a67aeccc7ef0a41
SHA1 2ff70c8518bd2413716856c030d07385359389e5
SHA256 175f1a817d78674d98d03ce0258123be90c4aad7790f8001441bf8a095127f7a
SHA512 56fd3bd61dae43dc9aa3dc12d4fe2d8663d58013e3726300befe34f3109ca5124eade98c306b640574b140478948c6501d3a833a8e7d2e874e77aba44ac458e3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 6561e4aa389c5de7239f24efc09e71de
SHA1 f4581fc460c2079340ed6eb4f4fbc56f15a70547
SHA256 90beb953deb28bcc586a6186e2dfd832bc028ba2b3a7eec5c4542a73a5e80836
SHA512 b81fd699ae09c1d1266af7978965700fa7ad5e0ea6e063d02aa3633559491d882462fb8b7af604915fdf6e3295865d45313fd065435bd8278394afdf16582e1f

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 7be09674d0e2faf2e9cfe23b5b76ff3a
SHA1 4c62b668377565e09ec488003b35635e1c4293dc
SHA256 f03668c70dd3efac5d134569aa87a5a2699485e2716fbfe31679c1da6de21950
SHA512 1f18b723e7b21578a460406c0b2e665a2044d4c20c68a859a215db5d484ac87df2cb87b5f082f1f1296f466803fda59cf383140f02d9ac1ecf246d0767ce1e6b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 0274c57820809118748c6b3cb896aed5
SHA1 2392b103d7730b8519845545c73ef409a6aae806
SHA256 c8c4e4c3162578ad1b5700de075e8f79c6003d13dd524ba006b0b6b40c358171
SHA512 62c8690a34f580ce7d3988e3108c68965affe086256832bad21bffccb56d0e3deecb2ce8c6db0746f439084c14246025e4800789c5f66f10d6763de305695efd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 5123fa0274dc885f1bfa6e1695672c4b
SHA1 2915514020b6f4f99abfa3db1d4acccb098917cc
SHA256 0faa85f86ca628be35486556f4e64edd37cf833ac1907ea3a47b202a1059d11e
SHA512 0d0ee2af43f7190412c2cd42c148ff296ec7d9ca785f68f453fd50d60a376616fb602faf95e23667e5cbd6b41ef42c261e8d23f2d02ae2c5e1b4e2ee624f8c9a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 79b9125ba2f85c5a565da22abd594118
SHA1 d6ef2f179a7c9a9eacd8f84d7d9d5b810a62be89
SHA256 2976b2507d57469a408f08fd23974859316079993e9b59fdaf290a2434e76eb1
SHA512 f18f6c819b5710a3c1b08a74755f861cc2481037432e075d145a441cbccf4d7a1bdc16226112a143d684cca6e720a8208667511e40531c27f4c1a3400e4a361c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fb7970ef3438d588f74b751877b42ed9
SHA1 5abe246f8593ec6d1170b168099ace5a9a4c1b28
SHA256 79fab650e9205bf47505a0884c556cd502546502b9eb88725fca0495ebbfa01d
SHA512 c1d442f5824465149d7ce2441b441210bca8c8651a42de4e3cb75bf357329066bf963e982c48db185ea194ce6e2b1c52735a57024404e868009374f8382f564a

memory/13700-13333-0x000000006ED00000-0x0000000070040000-memory.dmp

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

MD5 9283e8f3984c6c7b87d772f36721a0ad
SHA1 864f9fa32988fb72d919de12b93e7f56942849e8
SHA256 9d8d4f60565654379c5096e62b0930fc9e87cf49259d31af0a9034fb790a7d50
SHA512 9858a8ae89a520eb5ba0126fef080539d7b849498243b1b30f72b915b3b12a48e13712eba8f87e2939630ee44b8c55f894092e38390e6094b756422a784de087

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

MD5 0b8f38d6f219adb6af9a46e34c8b55c5
SHA1 abfb7eea3e2073ef536ef4c020b79dce54028174
SHA256 c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8
SHA512 4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

MD5 b63db6116a515c8ec16b58bbb1a0db89
SHA1 c8b53c1566bc23bf614f3faf2dd0e2be49aae50b
SHA256 58cf7a378014be774e0348655722edbf63b5470f6a4e84b19bb46e10349189a1
SHA512 b114bbb09dab653809bc63b9b7ce66be04b4baa50fa4ae938b1cafd86eac94b7742ece421fba8c491ad3b95980960acc9d30dc6f0c5e609f1494571583641ab7

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

MD5 944531387ce01bdf7ad736937b9b13b6
SHA1 df6268ebe74638714887588a1f43506b915e717b
SHA256 d6c997210287cecf290cc7c5cc99c13a46d874786d1747cace5f00713069e2a7
SHA512 25cbff327f7af6013476a5453847a5f0a4354a8efe773a4f7f8e29c4b8c12ba8105ed344109cf0a83ee6fe986468c2318b212d2eddc1dc2a6fb4ad9c7f9fc4c2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000004

MD5 8f661b8c2dc08d06a2992b1006fbf95d
SHA1 51f7614ee218ca027670a3bb0d7cfe1f23869602
SHA256 8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a
SHA512 80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00001d

MD5 f222656f7796794674f732c474a033ac
SHA1 cea879731968ace9befe205c55679924f033464e
SHA256 2d9259afe79e20ac65865133ee69f28563201da61bbd8142cd964fd0097170d5
SHA512 9a2b31a325d8030a2aa6b5a932a8c56476a7bf995ac61d419e81477a0c7ecf5e92d5d4884a3d3fd9a67bd33dc619665d5e3bc05c3784c3bc51333abe4332b449

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000029

MD5 38aefef2ea44c17d501cbb38cc0c7e54
SHA1 55dc9404f34f790e42508ea8d74d6ac87c8d6a94
SHA256 29f8a8da900ab06670e7e9c437bd27528ac311b4995d50c702972b29440ab194
SHA512 6cd0e45c109d9ef0e0a3419246af71b9dcca214775116bc5c318df53ab906ca33197d831d0b3c05ba004fd31889a5086454eb6e0ef12e594035d3b89f1d1e157

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000028

MD5 757750902210ff3c0d12dee4dc5165c6
SHA1 a3599ca4bd5da9fb9c83e26813ef62327c541566
SHA256 72ff7d67ddc7bd23885cbba07f3889be27b50cb597ba41fd546343416676ba67
SHA512 ef5cb66e561d5f208a872c65b6732bdaa082d421f9815c8a5a439d5e749890e032c2309c1d7ec66d93d1f897941bb5e2c5f860fd9cf8e13adfbf1ab60aeca27b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000027

MD5 4d9ecc70dde56858a3451017cd7fd8d9
SHA1 88189cff695c454384884888ea46d9c11060c811
SHA256 e10acc2425b736f904ca0ec762a77b516ce7cea7391354841199e55750eee287
SHA512 dccdf161353e3fbd904b63f646ebf616e9eb977d23933575a307336aed6bb044902e11dc5990aa217f7b8cc16e190a968fc9077fe74f335c195c72de46c6f60c

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000026

MD5 487b3b54635e5e78cb40f06019e3d266
SHA1 5f27d3247d223035162688d39b8ca8921d662c38
SHA256 6ee6a4b5156c04085388db04e54cd35f0b77f68902545cdcbda5367503c0979b
SHA512 64cdd50b84d9cc6a8b39c70bf7c442e11af54401a02fa745d72f0a12fb9e72a64b9f2772bb8a98c489ab18a8d5fb6ff753e6c6922e2fe86117eff2fa63efea77

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 f0f5714a7c80807180555712f9d6f9e5
SHA1 29c49390195e5c0c109d1ac08d47c3369b0326fa
SHA256 d8a5f3d82413c5de8b18f33fafaf59c4f8d48ec06faffd0fe0eee3d2edd711eb
SHA512 2218f84e984974fb358875730cdfc787fc4dd1a376a6199563f6d9b67be8558af7c39ff8e2d7bc954f1aba0752bab48600ad74136e097492ea9fe60ce5f7286c

C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

MD5 1a475aa5000d3958df447de17e0dc14b
SHA1 8a45a8a2b38a524633a99abc7994aa0ac46c03ce
SHA256 1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e
SHA512 e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

C:\Program Files (x86)\Steam\appcache\librarycache\1161040_icon.jpg

MD5 7ecdaf8a54ec52b20640a88527512903
SHA1 3133a4d748ad3be61fe9db759339cd5de73339b5
SHA256 7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c
SHA512 60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 5a68ee13d602ea19f1f25aaf225fdc95
SHA1 cac22068071a9032cfcf37604af849d9231b9623
SHA256 0c116a0799648b68c03fc409c3e2d26185ba9a22e848dfcb7b74e585eab17596
SHA512 fe7dd4ebcdb42baa011fa351c112d7d674f06448730f9cdc461b1c9aa7b9a43ca9e50b2185309a34e6242d3801cde12862bfd158531ebb807e4116652fcde8fd

C:\Program Files (x86)\Steam\userdata\1214517055\7\remote\sharedconfig.vdf

MD5 467ff4ef6845e69e51659d5a739efc69
SHA1 d957ab9cec596b486a4e035499b1a13f8ca2e861
SHA256 b4af4e93bf34ec749ae2771c1f5728ac65fd8ec5600569eb1514746fe402955b
SHA512 577361b87f05d600c4c9cb88e3710fc5eb883322eb4a73dfeac28feb4e0acf8bec4662583c303dbb5985bae50f1a42d71f7a6a3b1df77e0d44d3dbd6be001728

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 25ac7e6b1cccdea794d7e0037064fadf
SHA1 e3b5dacaa1f609546a9afde0818fe750a9db198f
SHA256 4223011aabb05d2e2e0cdadf3b15463d3063de7f07806ffce1f2d5aa6f954167
SHA512 d8b257d9cdfe3453ec86480e6be698946a885b8cd4ae5aa7403eba06e40111590de7bb07f15286c1691e42f3449178b10653c829d9b245f4dcef51be627c1ab4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 98eaf699f517ff88bb2f595bddb2c5d8
SHA1 eae1d3e4c6e6a8f9636c0efb0a04ecbabe8b63ca
SHA256 7aa34824dbe8dbfd8011576a365dcd057127406d61702634d69f0240325cc582
SHA512 7d9623ca066012a200a01bf48e0617fcfb35cad0efff091bc3b7931e98b72b95df66205cfa904ae9b84d92c9fcea421b366d9ef3023c023488cdabf91b5ef8c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 fb2f02c107cee2b4f2286d528d23b94e
SHA1 d76d6b684b7cfbe340e61734a7c197cc672b1af3
SHA256 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
SHA512 be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 72c2bdfd4af400b2d5ba115e1e010121
SHA1 bc49230c4a61d899505b0c3af1428881616e21d3
SHA256 7a577a4975e77f38c50ed4a46e2efbc6ffcf3905756ffc8bf7024100a0d14dc4
SHA512 e59ec9d7394bae91f070c4b44c1b4f4d73a1c5aabda8c0c585516e21aef62602d71c447f73218b6f239812cc87983853d7632216d214fe2a191874dfcbea81de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e13d4.TMP

MD5 5f4a206a3e2b2140606de90a455e5b0d
SHA1 eda1c03b8d6c270538677dd977cd3a5b3f202bb3
SHA256 dd3f306019c20e857282bee12fcf42c5d88b88d1a8e2753e71399948bac31626
SHA512 d18db7b6e2460e285eafba4b2f0b3dc3402264196d0e243f6b3230191d88be1318933ec8ec9a869773dc9a49917ce230a68d1e017528fecdc3eaaf51c5e57d19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 15e5143d6cebdaba01f7d96388d5c63d
SHA1 601f19d6d55877f3fd9e4b36db42fdb692b29444
SHA256 626f4f522b81d2d574d9e40aae0dffa923e121ad088ef8ef06f55d237b1c1ee1
SHA512 d11e86a4f4e2fa85d3b18e6c68b60d0772862d9e28fc0b37c30fff5ead9f2137daff00a917ef4a0ada3300ae33cea0f86d22bbe8b5469914db2b75e4eb008286

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 0cb33a656ad2b35b1d95f4958b5ea3c7
SHA1 c307aaec71ecf499b16b9acbd30fe0074284e31d
SHA256 7a8a953e9efda6b76350c6cb267d61e82d196b2332538d54e238217c8ba67657
SHA512 08f85e4b8c35df58a01184aad72f79f80c39af31811145f4f88ae20a28289b2b8b5ad5e92980e1edf44b122023447ae19537efa1b9275eaa7a6268bae1084183

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d2fba7dd8186d9c81007c4f9007806a
SHA1 0bba4ca3d44b99c7748ec61ef618ec5107db4d22
SHA256 747967cb9a5a39154d60e43b608609c1e12dd93d82f5a37219abc524b9aa34ec
SHA512 411c20d03b226ea3467ffda790a63a08cfda0e74951e4a89437e6f841f7405a5f1ed2c5ed7051997b27a815b53f785a0ada72ec4b709502bd84a1b47d555080b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c6e4c00b4e4c2b63d83012da49163738
SHA1 a4aca8b5624a86ebe722ba36c91880f7756f46e3
SHA256 bc91bf7fbed23cb490b26643b5e56a627f3286d38c27acbfb43b21f71fb927a1
SHA512 cfab37bf78254b1e5d49a22a5f83c77fbd06e6c60613af64b5eed107c353a67d3dbc411819e67e8450a4c949af9c4484e7350f645083b14b397b9f9ff6febaed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e5774.TMP

MD5 be24f6e2ccc93fe3b386816b3f9ce802
SHA1 ddbfeedc379cfb0d7caa11bbbb78a02a7eff6d2b
SHA256 5c6fb0b2e0db1783230f38e783e89f610e3da9c57733233f2d903a2b917ece2f
SHA512 a64505e36ff43cad81407889fceb02c0898f8b0533785656fe6f25654f565da974f9bdadeaf484ad91c57d82a126b3f6b82b179b7f230996d06062dd5dc3ce27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e60a1540c77c197dbd5c125cf7c442f6
SHA1 6e6e379df6b4f081fd7d1d2b0070477a039c5a00
SHA256 f2162d42fb1a04bfa09bd7437896670eca9d4b7b4a545c6fdcd0b61af7961e9e
SHA512 82f825536bb80324c0fcd0cf300cd17c9c5e88cdd16cb7a71a532406e0201422258d5fc3c54b3febe652cc563cd06c54b1337c2ddcd219eeff1f81245e761a29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5970bc3f0e2e31c2514f3d8bbecc552b
SHA1 3e50981c8f7436fa629bfbe195ca1aa29784007b
SHA256 b4744fa7e4b6f9c132da2dc2d66a8d271baa1f15d1bc31bf08964bdb040d74d4
SHA512 f3109abe69a4f057d79fad15a59f1ed8e1beffc490ad24aac2f69e33e1c61c21c9a2c3b7ee9fc35b07fa247d862ea15629e6dfec069e7e83b38739029b2b8d0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 393fc79fb75d13633320067230a98fe5
SHA1 b2bcac578d9f0e6f67b8bd0d06ba68c1dc86339a
SHA256 a683305c47a9027706d2cc0dd0bb9c3b8f7945a58d2af45cab53ddefc42c4ee6
SHA512 7e9343229dc6651c603e86e12223cf75d29ce60e6d8192f8f2d1a1fd06f083cf158635f6659382c0df6eb81f3f8bbf0c1be16bcad667c9db31dcc3f5ce241dfe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 9a03e6c387c88efe44f09a95bed03ccb
SHA1 0fed032f5ad72019c98231a2595e7effc82b8859
SHA256 c5caa7bb9c99dad1377493876684fb2f61ae2e86ac3afae5f65c8c9be40861f9
SHA512 5eaba3c933b22804b7b2cc1e01f848112f25cec156d8c0600bd63b82b5299b5f58a02209748dc69655f22f069eea07aa24919839d3692c93e1a0b21bfdf032fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f52231dda7fd5496ef73219974ac554f
SHA1 3b855748692eb58823e8dc7fbe8ccf6ea8f28ca1
SHA256 7f733169f1ddbc848fdf2bff7e0008adfcc081b8732429dee2943df31599077f
SHA512 08b4957fe2bb130d96e2699e3b97a28c79d29e81ba0caf92352bc6234a4418bd37c5185460b3efcd726188d3d9d1fe5cdc31b722de222a817ad53f1958235e33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8040736339b4c7da9eaf403fdef65220
SHA1 4c23b74ad875c76d7a77b3b860db140b44cd124d
SHA256 e79aecf1496150a4a2eb0ce46faca5124061446080f176621c60ff1da5bb2a1f
SHA512 b5f224089b4e4774be48e5209947159d8a81fcb16419f0ff88783fd6e2931815e471376006c568d07c3fe85e732c0c13f00f93bdf65a522aba7aab4b4977c052

C:\Program Files (x86)\Steam\appcache\appinfo.vdf

MD5 1f370042ea5cb8c308dd5d194cb8b03b
SHA1 3a4acb8adf7589ef620330d2863d92145d91b8b3
SHA256 037041096d7f0575432b667a32a67090091988a6ba3db8e876330524ebd799fc
SHA512 93e8ab5ce7159682b0d9c841fb595902d5087fb2f1320cb79d1b3e238e62863dd0f2fc62da591752054271ca0c0918e998f1f86707fef2a92631b6db144288af

C:\Program Files (x86)\Steam\appcache\appinfo.vdf~RFe5ecee7.TMP

MD5 22c6f4196ec8f4adb98dd7dc29309173
SHA1 d3f6ddd29e6391a163c1737ee5a15771717a840e
SHA256 80ce409dd17cd106665a3150e88d86d7ac204e9a9cb1a9cf160b887b3e8f02c1
SHA512 1f5224a9c72ae5155c39cc4a24f34c23c25ab8ffd2610f17e1c9acfade1374f3491f70cfcde29e3c203c748c4e5521c1a1e8dde8ea0bde47c3f176f1901b7803

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5624da8e565bd4ce21ab2bc9cbf52f5b
SHA1 0654cda7e74fa4a8f42a2d64462a3382a68f05b0
SHA256 050b04a79435e0d1e28768e3af5884a525dd8160fe8dd64f36ed5981ad97487b
SHA512 e97babda28b8af3a2008a5bacc27e64cbe54c1bd92d705caee4941a0089b5db6dec7dfb4511c689cdf8344fad6b4787ed5ac8be291695cc382d628a3407b2bef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d7a5256f-e313-4bc1-9017-b9a20f1e09ca.tmp

MD5 621aa0ebcd6300eadd061ffd56733f4b
SHA1 48a4131ea61366cc007361924fdb7f708da8e0f1
SHA256 c3754914281de40e7b0de33887a27796358e7310b2066e9e82269ecd305cedf4
SHA512 52f80e6d9c58977ce69024beb7d44421c67702413719e8a5468e708852457f90ee52e42ffdb9ea881b68f5ef8fad8b401b8dadc1fb780ff7f9d16e27c471d8fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 11e0fc64c85b2675c28c9958f4d88807
SHA1 25eb001a12c4017ee7228731aafaef951bd0d73f
SHA256 e51d0f311596d73934c726284458171acb8d0474f17bbb87c1cdb30b70a8f554
SHA512 d11cfdadf28661da6c6f16396e46ccef2afaafa51d58ccd889911d716d518a54186a4c46465fbae2748c8874497d6a4ad1d3a754210ad277b55bc59bbd027cc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9dda0fcec9e76a72485ac1a2958b7e3
SHA1 92912552d7c6057e84d2af07d9403509eb33be83
SHA256 5acb71ba5fe711abb992832e9d387a82d4c69a74252c8eaa6fd75ea840642ef6
SHA512 106b6a07028d2d4c021c82d04257540b661e71de04a6140b6b609eeffe0aeb83a520be171656e65af065d5bce8f79c6d65d0a79e403de7424a9f35d9d46f6981

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5b2fa82383cd3376998c4e7457227ffe
SHA1 d02358117dd4031dae9a32aeb91b507e5fcff254
SHA256 417ab071b334840dec68a6a242c16279e6e58b438bb7a41f01c826a838a5f71a
SHA512 3787d651f0fc7c3e1be13e6034403cee53d0090bee1e0c6e59013545c08634aad215cac6538773c21f7bd1a1f46ad43af583c3f53cc51db87650d9669f3acabd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 1fdd9b5233fe4ae71391ac3fe2cdbecb
SHA1 1ee460659813b1233c3553723a233145912d626d
SHA256 bc98a2b9b20c0f13f09532201a2c9d07c9a01186b061918f00357e36ab637b9b
SHA512 d195c53588c2facd7bd70b9806a10330681317a249555dc9872bb5671bc95a4255b6d86a85a6ba3ec202b106df09ebf29528034e7088615956b86abd298ecf50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e6058314076fde1f3ca1b66b72f2c930
SHA1 a343f3a8a999c918b76fbc252798af0cf11820d3
SHA256 9f9076a7bf01cbece85c20d24d643e2dbf575556411b952059ab95da21092e46
SHA512 c569e81cddc10ffa2eb9566e1ae875f6ac9dc8ad9309d9e93fe92d58cf500437d3e6a17436595976115ce4ce20414d845284ef29795bd48f6139a509a1f62e42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb92e4b970c27d8d24d4a6fb733ad847
SHA1 c2c5430f41c4fd31b01d5f28dc66d9621b5621c4
SHA256 16e67387909e1329354dc6a8068fc1b4597887677dea79d06de1fee19a231fce
SHA512 e10f68c345a355e1b10861594e1cfae88756bbf2c61b0abab8a54dc56fd3f1204dec69bee47cdf36a3bf2610ec0830f639ae189fa5d83b1eea8be63d3790c670

C:\Users\Admin\Downloads\252490.zip

MD5 669e908054f25f8bdd5feacf00dba944
SHA1 13f517be354065501500e5f39c0257c1845715a4
SHA256 ab0bed8849f04f0a163df33424d93117ecf67e94bc3b4b483ef426c421e9e420
SHA512 edc7c85036a4488797e44bd5203462697528dc7971582f00d35ad55b0c12940136211aa380c3881abd60c457c6247899a24580a079d417ba8803f846fb71cb14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5e0c938264ead4cb09eb48ea53b1fb58
SHA1 004df4f291a8937bc74da342972b24501ad0b4d5
SHA256 2a3e1b3be148907711798072314a39e85417d463a5c0e954e22a0ad656e4a99f
SHA512 3621d1a629908a69b6740c4484fbe56600656b28de9760fd9cd2d61da6bd1c94dbdb6688401b2094a416de52167cd0237211a982d219b50d4c406b84501d6228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 96e9a9404ef3056434f43f2d7084cf6e
SHA1 b4a6ac2edacb2a0ca08910bc9558caf007d472c1
SHA256 412ab189724f5c3a4f40514e851b91407f33b069273a5a303a44533059bcff66
SHA512 772925bfb6c2d3c5e1bc60f45155662d76e5991eb0feab29b69718758193c9d7a94974b6a7be745d18dfae4f8d200c8326ff1b2ac6a591350ab7f0d74710dd8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22e09a1a7cc9d4e32e9a3b0fda3c1b7e
SHA1 8d15a988842067f3a6285028414acf0132957f70
SHA256 7f119a75cf2c2fd2450645e72ffa85f3d9316038c031cf921aae54cf520ec281
SHA512 144ab2ceeb7184c9516e9d72067e00f21eae238990e5527f8a35d1dc9bb5090b188d3f8630cada56dfe915eaac4e3fdc7f4aab5a1c6d7e70ff7a98d8b131cc01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 615ab5f8d2e79694a32c7f8783fdfa3d
SHA1 bb077bbf298eb8d9cf86c16581436a29073e79eb
SHA256 48bf0f4eabdfbef672bfe8355000444b2781c296b092f58f83f323f4cab5e311
SHA512 b2238493fea9f4fb8e59857a1d7b30018b58c36f89c8ce44014e8965832611b48770e18d1046ad6c3042b5488294c8d138166b770df494b07774c0077c239df3

C:\Program Files (x86)\Steam\logs\cef_log.txt

MD5 28e59a237914bbd8d3b07a0a35cc2c43
SHA1 fa7f8725881565377c28d9e8c522b70ba548ecd4
SHA256 9333adfaaa399a0a7724ade7078254b4c8373869a00da9501643647f7ca1ba8f
SHA512 1e65e5cc39b56b247d84b8951244e9ed4087aa14ca237089095620127f0329267759655bc3ca58e3dc77137e87c008c05ac1d51e6efc43e9ae99fa533016e634

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e00cc9b5ec0b46b80865f7fb6605429
SHA1 82510d5a09c45f25594d510c6746e1db59997048
SHA256 d3929e540c17be7c46b0eb193d88ac8c2cdc6e5acc8020209eb26ccaf20c47c4
SHA512 8507341b664196f5bb6c346f17db7e43366c0e5e80d3596ac33a2f00c5bb68135b7fbf295191d91dc8573ab076b1f1e26dfaec5c4ba8f1db6cf51d8f6b6e235c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 54cab2985089407115a7a3c11a6fad01
SHA1 faba5c14725ad84539d095a765af6f3b0f802edf
SHA256 ac18dfaf3a2d12b808c37947661de0b018646f895abecb68398521546615a337
SHA512 1ecd04a268f46857b95acd12e5c30ddab09c31e0d58ac4899628ed588c6d3fe65176e74e2fc63ff05f631ece95376074e4caea50f9951453bc8184e64bcd1c6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 468be29adf564ce78cd0ae635154f55e
SHA1 76ed95a6f5361543a017d452013900755a084272
SHA256 8d3b7b2252aa05e3307b33045da91cb8eb00c02e03707efff4dbe25610963f72
SHA512 06434c5c1dedb3c70730a5d9879fde8b5c0a3f62a884331f7e85e17a7e84a23a7d758d869d8bbc6fd29398ef42f46a5179a269e543adf8f19c9902f6c12172ea

C:\Program Files (x86)\Steam\dumps\settings.dat

MD5 14ac0ec78f9d615c2ac38a54d83311d6
SHA1 ceb36553dfb00f2076b79d4ab0da7455d171e4ae
SHA256 b97d40886167a1326f8e2a0d9c64c7a20344c2538aa0b6b8affb1354a07fb611
SHA512 27a637c4a22a7c5d1ae215ec5ae07a0e2a9fb15d1132753516325de45784c00d6ad0fa9a872f6ec17b50bbc6d53b005e44158c1cb35c8fd03aa70a393a200dfd

C:\Program Files (x86)\Steam\bin\diversion.dll

MD5 fb59f7262848e6c9413d76494d88e1c0
SHA1 9fcb582deb9e69b8b8f36522a859d206633010cd
SHA256 32dda887447b7b5fe74d7745cb6c2d28c677ba479435b4e4bdd8b7ac36379866
SHA512 1d2960b7549d4ce63041dd8e20f73a860d8ba32d7a70671a9ded5d539d364a68c621c6f95fe3c00b586cc2ec397d25211f832b5a72414d70c08b6cf6bf644776

C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

MD5 32551d4d9d372bf63475d3f2b615d6f0
SHA1 205f5028814fc6eb9f63a6a4651014c67bb4ddf4
SHA256 f8def0e87d14168008dd7c772b7a95bbfb8c11f6abbdc182d79fb4432b9833ee
SHA512 cc9de5c0e147e445a7a31a92d18f455a6b0070ffe6c866e24ab65d7952400dd8e2f0d4887710cd4b4f5bbb5f907280a9e75d65fab3a72a8417ba954e5fed52d1

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\acac4ec4-b2a6-41d2-9748-ca6cf6720ba6.tmp

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 ff6c4138b45e22553b5ef3f28c13633f
SHA1 5fcb83ff10bbad9d5c4deb95bd505395b20fa278
SHA256 8199cd57d950d8d425883b15c962bb1f2443da3ca5f89fc76e067a77e53b3ac2
SHA512 17ab1495980c3f392afc8bc46f7665ce84547f2df31cef9123a931bef4b41b1f533ea53cfbe8121c6ec235e82ed69ecffc4fddeedb1f25b08d7bca53ec378b5d

C:\Program Files (x86)\Steam\userdata\1214517055\config\licensecache.async13028.tmp

MD5 cd19f18b50c81987fa7a22c9b693a87b
SHA1 00da052ec18eddf0581e40cf08c0b215c4bcf838
SHA256 8fc2dd3ba2c8998b44c6d7b7756004d3db8523a802ee7dc36a194ba212a62fc7
SHA512 0adc5dade7e967aaa91f7e3bc7b06abc700e8aedad96a37d91afc1f562b9fb05992bdd9f1d0329e17718f6ed4dc51d6c95600122d5430a543e37ed9109fe5869

C:\Program Files (x86)\Steam\config\config.vdf

MD5 62194196f0891d5fdef475e38f771a03
SHA1 b6779b816414136fab34842280c7f3cb9681e36d
SHA256 ad4689acc920dac5597e095a32c5b4ff03c69cdb6140c43232e4140077e649aa
SHA512 6d0a3b40913b7d7eadc663f62bf6d6709403189f7cb968f0d98f6566781f1ffb0609c6473cf4fb1c5a7b7b30fccc21a09e444bb5d74e90e14dd1e48b3d02b570

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 0e161cf896861d41b51a262dd210d23c
SHA1 d04b7e7849f76874c51b6cddd8a2653e5cd5d5e5
SHA256 c54ba9522d25b9ab2d21434bbeff381dc4117934e6d7e367445beca27b9822ff
SHA512 0e39f02c3466236a79edcc90afb331ef3021480352f4f1606e055d2ae010c1497079d120404f73a6012513cd977de287a564c68c8d5ffc4856b6178d274e1328

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 8b3568f9a47cf898d373bddb5f77919a
SHA1 9eac5e4a02c06bafc67210a74f9a5640ace856bc
SHA256 78445951921ca1209673b9fc0eb4384df65351703c3cb2f8f13cc96dc7c579e6
SHA512 f29faf108e32ce1ddc45b13f65c64ce7166acdeca55f8a02ef6cf604910e6489b04cb7d6569ff3f649f1792babae1906ebaa58cce3aaff2eebad6cdbcf7f0e00

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

MD5 009ca439b8e68dbdb83850d51b07c736
SHA1 b8dd1986d15aef3dcba09c954577c780b549c582
SHA256 4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43
SHA512 25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

MD5 3dbfab45dc5699ad008586e555592bfe
SHA1 75481ecccc3cbe1e04dd6bcb215f8a76907a9e08
SHA256 a668b4e84f298c8b29bef63db15421084a41f7eff163e7812f6a06efe1f706ab
SHA512 2fffabae1674d33d9199f47864b5eb42031ee47ed5bfae4ea57d986fb586572d8d6dd15a567c761e00788ed912e1d58bf3256df3fd73bc117acccfc0a0135a41

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 f9431a923b1e127af603d7c480b7f12b
SHA1 ea7bd609ddfc801fc059e8cea785755393bc5936
SHA256 19cf446204fa4a7833aee531b16c2e89dc5e327388fc05289fd34d61a2d69712
SHA512 60ee268296b8d87e6d2a65bc6122ba955e7d2fb25c9c280a6e2f53eca22505647285478a4564f8b5eb2e9cbea71f96f9dd8c61c360d1ae071dc0c34c856dc712

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 d04aa4e56e99f055ce52f2adf648b074
SHA1 ac4f424c1748b25b4d3804815c49e613440b68c7
SHA256 d32fbbaeebb6cd262027d30ecccf40b9f8c122751b6d79297ffbd686ac91cea8
SHA512 65e5d0fc7689255856a28406a6f37b7f7a5a48e003f7081cd146ccba622a5e335c8c28d6728b3c98efaaa0d54fb44cbec3c902fed9488e7bcefff61463467859

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 2bc18e4524a0a07f53b71ee7f1e8d3c6
SHA1 a66548d0e06ef07af6009c751023186439896362
SHA256 d1a91ff2d8508b204f051c85b6646f2c97b0a3db03adfed6d372fe86bff63c9b
SHA512 abf474ebf5ebc2de7887cf1cb842c40ac00e1a6baae7d36649912a4a0acbab1db2d1e132b3aae6a55563b692c0cf66e9d6284e4ed3710f0fcee8c66a63f83527

C:\Program Files (x86)\Steam\userdata\1214517055\config\librarycache\1977530.json

MD5 83e116280797c50cccb1ded159026469
SHA1 ab7a67f644fd764c046a4212196694aea6b950b2
SHA256 5dabbbfaf9d109090b6081ecdc5ced56475bfca19d5f3df4693eb3531c120efd
SHA512 b3f41e5adddb1409e81dda2ba0f329692bfa5422cfc55ddcfa36e5a8c933dd392150cbfb0b9a7c3fe342c461906dfdc1a0258d1d5323995569fe67f7798328f5

C:\Program Files (x86)\Steam\userdata\1214517055\config\librarycache\730.json

MD5 ecd70cc2f0cf1e0aefd0966155a0e770
SHA1 51fb3070225d3eb82c150044db9629ca29a02b1f
SHA256 7bc12011de6460ddcf76db1cb8a6d4e40330f1c87ae170c0d860cfccecdb55bd
SHA512 746d1fd3d8a4452157f34c7eb956d1c67fed61d212353f861c1e4e20bea271eda12225663b97d95abff7e42a8c70d1c8a9031b98c17c159df99c294088f42940

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 847c41385041ea050c04bf1f43ed70ba
SHA1 d2685ef6ed5ac964dd315b1b5e4184ae42e4ec22
SHA256 befe6390f02da19f1abad3c77d2d953e9f2f4419d983d6249d74278ed13f14f4
SHA512 da8b4fcd4af81a954fad2ddbd945df3c08e6313ff5bb30d9294fa5e3ea396b957c7198b13646a77560fc29e64be9a26e8b6a16fb92d8fae61280be92d27e4381

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 f5f958c563682b5747f9f08dc2e01e83
SHA1 ae914186a3766e0ba1c7152124aca9e7f4397328
SHA256 8e89328f17e24908409b9d863a977499eb2bb8eca62c8593e1ce825e6a66d778
SHA512 e90ac8ee8231366b780b88b42064295467c6278c584fe944141460dd5b2e16f01034098f5470f67d53a2ecadd765f81fcbf6e1f64424248f5eb18b508ea7261a

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 53a0d38a7eb713ad736702f9080bfb7c
SHA1 4db7e87d5a98306ae92d9abf6fe1f069a92f1ee9
SHA256 cc989fb5f3a621c03106a415321f93f2ef854896c08922ab4fbed55011a3913e
SHA512 a043506d696f2acc9e0146955242343bfc32fdb4b66476375556e35c6a05490b86cf2c981925718fc7051aee7b78fd30d6799fc9c19e7a0f0f7bbaf5009ee548

C:\Program Files (x86)\Steam\logs\cef_log.txt

MD5 8fc561ed1f1a7bbfc3ff44abecd8cf22
SHA1 5716ca04d3702baada66061b24e79bcfad98b4cb
SHA256 944d2fe51b7c68933537b9c033d7e6d8d434c700e42c2225606a800879f0c694
SHA512 e78ec05059051a78952a8a6c26fb18e5089b27ea631b8e960be7f4edaba69d16fec4ee0677e22832ebb7292e3ce6b7f87199142be31ac36c93e2de941a48d10a

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 f4805714e4c00d40e74c8e75be8fc1d3
SHA1 6888ea9adcbaaff2faca307378b2b1a90b394f3c
SHA256 476c8176c212c63f566bdec4c88b6e948a801fe0ce7b8af7f8a50c5cd400382a
SHA512 5564e43c26b6c7821cbe0617432e6fd0b2402aaee991e52a00311b5041a4ec5cd2e8eeddb1d4b6813007c1608d74924e6668361832fd1622f52da541280444d8