Malware Analysis Report

2025-01-18 23:53

Sample ID 241114-vgjshs1gjn
Target http://google.com
Tags
steam defense_evasion discovery persistence phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://google.com was found to be: Likely malicious.

Malicious Activity Summary

steam defense_evasion discovery persistence phishing

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Drops desktop.ini file(s)

Checks installed software on the system

Adds Run key to start application

Suspicious use of SetThreadContext

Detected potential entity reuse from brand STEAM.

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

NTFS ADS

Enumerates system info in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 16:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 16:57

Reported

2024-11-14 17:17

Platform

win11-20241007-en

Max time kernel

1199s

Max time network

1188s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe N/A
N/A N/A C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0319.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\c19.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_button_plus_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\overlay_koreana.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_left_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_left_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_scroll_down_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf~RFe5c4d2d.TMP C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_040_act_0312.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_dpad_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_gyro_roll_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_button_plus.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_ps4_gamepad_fps.vdf_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\beta.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\grid_top_focus2.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_touch_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_tile_scroll.wav_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\httpcache\bb\bb1f15a9008b558dd2b37f67cbcf5e283cb3befb_da39a3ee5e6b4b0d3255bfef95601890afd80709 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_finnish.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_mouse_scroll_up_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\win32_win_min.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_rt_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf~RFe5b3361.TMP C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\tabStdBottomLeft.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_right_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_rstick_right.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_tchinese-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steamclean_spanish.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_ring_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_xboxelite.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\gridview_shadow.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\downloading\3590\drm\common\scripts\Default.luc C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_button_create_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_mouse_r_click_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_stop_down.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_r_down_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_color_outlined_button_y_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_ltrackpad_right_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0110.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_l_touch_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\config\libraryfolders.vdf C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\drm\common\fonts\Arial9.txt C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_right_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_gyro_pitch_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_PreorderCancelled.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf~RFe5b5e88.TMP C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rt_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l2_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_r2_half_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rt_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_down_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOffTopLeft.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_click.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\joyconpair_right_sr_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_button_square_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\updatecontrollerfirmware.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_button_l_arrow_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\crash_reporter.cfg C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\httpcache\e4\e4e481819d48e5baca9bfaa37abdd4cd4f69cc6e_da39a3ee5e6b4b0d3255bfef95601890afd80709 C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_l2_soft_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_plus_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_l2_soft_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2804_1920861025\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2804_1920861025\LICENSE C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2804_1920861025\manifest.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2804_1920861025\_metadata\verified_contents.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2804_1920861025\manifest.fingerprint C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2804_1920861025\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4249425805-3408538557-1766626484-1000\{F18D6780-F33E-469D-8EA8-E293FE834C45} C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4249425805-3408538557-1766626484-1000\{390AD83C-BBC3-4587-AA29-91CEBC96B920} C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Program Files (x86)\Steam\steam.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 784853.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5076 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5076 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5076 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5076 wrote to memory of 500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5076 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc3d9f3cb8,0x7ffc3d9f3cc8,0x7ffc3d9f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5016" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2a8,0x7ffc3d34af00,0x7ffc3d34af0c,0x7ffc3d34af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1560,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1564 --mojo-platform-channel-handle=1552 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2156,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2160 --mojo-platform-channel-handle=2152 /prefetch:11

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004D0

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2760,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2764 --mojo-platform-channel-handle=2756 /prefetch:13

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3132 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2472 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=3748,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1128 --mojo-platform-channel-handle=3744 /prefetch:14

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3740,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3796 --mojo-platform-channel-handle=2080 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4212,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3928 --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4392,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4396 --mojo-platform-channel-handle=4388 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4480,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4484 --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4208,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4288 --mojo-platform-channel-handle=4220 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3888,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3872 --mojo-platform-channel-handle=3884 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4496,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4488 --mojo-platform-channel-handle=4504 /prefetch:10

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=2028,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3596 --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3916,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3872 --mojo-platform-channel-handle=4464 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3796,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3836 --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4396,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4528 --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4192,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4168 --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4620,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4476 --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4248,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4276 --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4544,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4452 --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4416,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4580 --mojo-platform-channel-handle=4332 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4168,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4652 --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=4064,i,3956826314282079238,12312038032393265787,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4324 --mojo-platform-channel-handle=4676 /prefetch:12

C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe

"C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe"

C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe

"C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe" -changedir="C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6880 -steampid 5016 -manuallyclearframes 0 -gameid 3590

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6880 -steampid 5016 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6880 -steampid 5016 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6880 -steampid 5016 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6880 -steampid 5016 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6880 -steampid 5016 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6880 -steampid 5016 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 6880 -steampid 5016 -manuallyclearframes 0 -gameid 3590

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\helppane.exe

C:\Windows\helppane.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528882

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffc3d9f3cb8,0x7ffc3d9f3cc8,0x7ffc3d9f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14836504535950992237,5408848833725583046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_5076_RIEMKPOUYBBHUKYI

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\Unconfirmed 784853.crdownload

C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Temp\nsn3E3F.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsn3E3F.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Temp\nsn3E3F.tmp\nsProcess.dll

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Admin\AppData\Local\Temp\nsn3E3F.tmp\nsExec.dll

C:\Program Files (x86)\Steam\bin\SteamService.exe

C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt

C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

MD5 53f7e8ac1affb04bf132c2ca818eb01e
SHA1 bffc3e111761e4dc514c6398a07ffce8555697f6
SHA256 488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83
SHA512 c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

MD5 194a73f900a3283da4caa6c09fefcb08
SHA1 a7a8005ca77b9f5d9791cb66fcdf6579763b2abb
SHA256 5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6
SHA512 25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

MD5 b2248784049e1af0c690be2af13a4ef3
SHA1 aec7461fa46b7f6d00ff308aa9d19c39b934c595
SHA256 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690
SHA512 f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

MD5 66456d2b1085446a9f2dbd9e4632754b
SHA1 8da6248b57e5c2970d853b8d21373772a34b1c28
SHA256 c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4
SHA512 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

MD5 56dcf7b68f70826262a6ffaffe6b1c49
SHA1 12e4272ba0e4eabc610670cdc6941f942da1eb6a
SHA256 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f
SHA512 c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

MD5 e04ad6c236b6c61fc53e2cb57ced87e8
SHA1 e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4
SHA256 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e
SHA512 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

MD5 6367f43ea3780c4ee166454f5936b1a8
SHA1 027a2c24c8320458c49cd78053f586cb4d94ee6f
SHA256 f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998
SHA512 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

MD5 eb8926608c5933f05a3f0090e551b15d
SHA1 a1012904d440c0e74dad336eac8793ac110f78f8
SHA256 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04
SHA512 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

MD5 9b0b0e82f753cc115d87c7199885ad1b
SHA1 5743a4ab58684c1f154f84895d87f000b4e98021
SHA256 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32
SHA512 b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

MD5 58e0fcbee3cca4ef61b97928cfe89535
SHA1 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b
SHA256 c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425
SHA512 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

MD5 7913f3f33839e3af9e10455df69866c2
SHA1 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25
SHA256 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c
SHA512 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

MD5 202b825d0ef72096b82db255c4e747fa
SHA1 3a3265e5bbaa1d1b774195a3858f29cea75c9e75
SHA256 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314
SHA512 e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

MD5 7e1d15fc9ba66a868c5c6cb1c2822f83
SHA1 bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7
SHA256 fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265
SHA512 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

MD5 8958371646901eac40807eeb2f346382
SHA1 55fb07b48a3e354f7556d7edb75144635a850903
SHA256 b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585
SHA512 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

MD5 1514d082b672b372cdfb8dd85c3437f1
SHA1 336a01192edb76ae6501d6974b3b6f0c05ea223a
SHA256 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4
SHA512 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

MD5 18aaaf5ffcdd21b1b34291e812d83063
SHA1 aa9c7ae8d51e947582db493f0fd1d9941880429f
SHA256 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5
SHA512 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

MD5 189ba063d1481528cbd6e0c4afc3abaa
SHA1 40bdd169fcc59928c69eea74fd7e057096b33092
SHA256 c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695
SHA512 ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

MD5 5c026fd6072a7c5cf31c75818cddedec
SHA1 341aa1df1d034e6f0a7dff88d37c9f11a716cae6
SHA256 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382
SHA512 f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

MD5 10c429eb58b4274af6b6ef08f376d46c
SHA1 af1e049ddb9f875c609b0f9a38651fc1867b50d3
SHA256 a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13
SHA512 d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

MD5 9e62fc923c65bfc3f40aaf6ec4fd1010
SHA1 8f76faff18bd64696683c2a7a04d16aac1ef7e61
SHA256 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7
SHA512 c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

MD5 da6cd2483ad8a21e8356e63d036df55b
SHA1 0e808a400facec559e6fbab960a7bdfaab4c6b04
SHA256 ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6
SHA512 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

MD5 31a29061e51e245f74bb26d103c666ad
SHA1 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc
SHA256 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192
SHA512 f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

MD5 03b664bd98485425c21cdf83bc358703
SHA1 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb
SHA256 fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115
SHA512 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

MD5 2158881817b9163bf0fd4724d549aed4
SHA1 c500f2e8f47a11129114ee4f19524aee8fecc502
SHA256 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7
SHA512 f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

MD5 4c81277a127e3d65fb5065f518ffe9c2
SHA1 253264b9b56e5bac0714d5be6cade09ae74c2a3a
SHA256 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
SHA512 be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

MD5 0340d1a0bbdb8f3017d2326f4e351e0a
SHA1 90d078e9f732794db5b0ffeb781a1f2ed2966139
SHA256 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544
SHA512 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2c845f7609fd77497bd8a11b7993c567
SHA1 3d4383514d588e6857fa237b754a1aaf5ba8b7a7
SHA256 630fbc0127b23792678a711df5b6f4496801762c7e28b7ca6f2abc06b577af46
SHA512 d2e609c1673800460b89cf4c5b851a34c517ea0cc7c1bdacc5548f97d1fc04a30ea24690c8cb046f090c56876b7bdcd1d7329118066223079133b491aafed5ad

C:\Users\Admin\AppData\Local\Temp\nsn3E3F.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Users\Admin\AppData\Local\Temp\nsn3E3F.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6d60e3ffdbdb9be70c42dbbf978b8982
SHA1 c766b9b094cd61c5d300db510027f0c6151a201f
SHA256 5c1e96cc380aa23ca073afd765141de08211dfe2a6f9a3599bf10f895dc9e72d
SHA512 e02a3e2ba6408b3d225c7adc66f6b61d048bcab2edc222be2264c36b92b95ad9d0dd323053800c479d158ecc044fc150d9678370939136f70ffd7aaf46fab773

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 948d4c00dbb46efd4be2d1689d30937d
SHA1 af5eebaebf8e2c0e16f0167a62d57dd4bfd66785
SHA256 a61ff7ca823cdc78c2f379abf632f574ed65cf15be2512b4b73f5b046e608d3a
SHA512 ad4f54d8f0fb8c302158a2dd8cf1ba86170eb2d59bf366eeea9b4e15b5d1df354af28030ea219e50dca29b03d92b049d669127486a29d6b261f0b1ade4e0f8e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4273a781af3208770181efa538874bab
SHA1 5583f88d38fbb100eac8bf4e9a0e4615f8adab5e
SHA256 6ffa87bce3daef9aa2d15b8c4764db939dbc886ee5248260044c166d5fc6fe86
SHA512 9f073b52d647669630c9b340a9e2372d104c7c48db20b065ff376a5d86262d4969cc5123b4f49453b1499ea9e6bfbf16d6710127e82f15dde7556bc555361367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595a3c.TMP

MD5 6b2d868c316cd58d6222c71d60ff8914
SHA1 d776c509e4069cf5238beaaafa986e91b3d263a5
SHA256 a287a6a6610ba3aaffdb90118ff8f670092b9a0eff0a9b25de6917f10eefaba1
SHA512 91b1bce7fa8a96e4119e428e33b793edac383eba9a771e52db20fcf9264adbc136c47058501f8debdfc0a7f5530f19f155546e7c58284f37fc7d31b757c061fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 867e2b042cda68a31316528201d9ee14
SHA1 52d66148231b79cdcee2d96f45224517938c7d3b
SHA256 b7d5e28efc786d4d168e5515fb83c88aa547c3c60a56ba9d2bc30700622f36b8
SHA512 01221e6ec74fdecf25ebf4abd44816ff92d8072f556e16327ad9443d5624e35957c0dc30e3618ffa9a8e5caf07941e1e8ce8f3324c30af15757fa52669a903ae

memory/1876-12703-0x0000000000AE0000-0x0000000000F92000-memory.dmp

memory/5744-12740-0x00007FFC4AF30000-0x00007FFC4AF31000-memory.dmp

memory/5744-12741-0x00007FFC4BE30000-0x00007FFC4BE31000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Program Files (x86)\Steam\config\config.vdf~RFe59843a.TMP

MD5 3cdebc58a05cdd75f14e64fb0d971370
SHA1 edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe
SHA256 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7
SHA512 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

C:\Program Files (x86)\Steam\config\config.vdf

MD5 6e6a2b18264504cc084caa3ad0bfc6ae
SHA1 b177d719bd3c1bc547d5c97937a584b8b7d57196
SHA256 f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53
SHA512 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

C:\Program Files (x86)\Steam\config\config.vdf

MD5 a2ec2e91c3ef8c42e22c4887d032b333
SHA1 e2c738a2e9400535b74e2263c7e7d1ecefe575f2
SHA256 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3
SHA512 b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

C:\Program Files (x86)\Steam\config\config.vdf

MD5 d051c6f0d29a3d267e63cc49cd1adf04
SHA1 53f6b36e2fd029ead2d3e5c20fbeebac0cc23549
SHA256 a5cea719e341e1f22efab05ac27680fa50dde046ee3a01d0cccb123ac0b439b4
SHA512 59b250285c728270091ef386472f10baf93bf4b1d72e6e38be0bf868bc51d8064f083eb02924ef0f846361b46348a31a956845511dd1e46b6170dda0288ad8ed

memory/5016-12845-0x000000006E5C0000-0x000000006F900000-memory.dmp

memory/5016-12856-0x000000006E5C0000-0x000000006F900000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 04edb84c5b00addce66cffed67a87f97
SHA1 96d9e0cc0fcbea21daa07e4ca0eac9147cf3b90f
SHA256 b64f60c46198feff0d1395dedbc7bb62362e0e5b4d5be98fb75464dd2e7c7b70
SHA512 43d34166dc3be327fe136a2e423fddc0996e049503b89fcfc9743c3263469bf604d60ccf36135495c2af7343252e8b9bc9564ec13179857016fe804051639cca

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe59d6fd.TMP

MD5 3f0c80be3a68de79e1dd6835f842964d
SHA1 cb011c4399168dab969a408f024f6000f23411a1
SHA256 d5e086e7016e2fe097408d11af25e25ec071b944b687bce1f47ba6050860cb55
SHA512 318fa5a4b32ca137a5933a73632752308cfd0d4badfc1099d2b6fba72592e59d8b4752d0ed5034ebd65874054a6ffd318843b83f03788305aecf2ccb44b74978

memory/5016-12866-0x000000006E5C0000-0x000000006F900000-memory.dmp

memory/5016-12876-0x000000006E5C0000-0x000000006F900000-memory.dmp

memory/5016-12877-0x000000006E5C0000-0x000000006F900000-memory.dmp

memory/5016-12878-0x000000006E5C0000-0x000000006F900000-memory.dmp

memory/5016-12880-0x000000006E5C0000-0x000000006F900000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 efff9b6721a22601ee28c3dfe17e5e14
SHA1 9e1fb637b01f6a8dfb9c52db55aee1e79aa4b7a8
SHA256 e6723a57a355234aca689ba1c84c53edbeb2ceef404b9627e2ef8a98612748ee
SHA512 5aad04a6cdad1e1be092b0484264557ee4dcd17ae5677937344452a2cd3bc895328dcebd7b9248cbd80802685fd6723284847bf2bdf027ab71b4016b539c70f4

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5a928d.TMP

MD5 8b50b3fa30624c4a1be30941646c0519
SHA1 cd509ce39ab5bf2c134953b4e0740c58d31c0f6c
SHA256 0a316049b391e69d764c26c93a036934920d729d59b12d29823e01e6b6f51e14
SHA512 686628563b3a50f11d5b8b5632603c7235e1eccb99cadf076dcb5f646a2f9efa5fc3631ed08dad2b1a3b4d524bd47ca10f31ccd1927b97740a142f9a439ce6b4

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 cc2eb7f5fc2d66df54c73fe2db2d6255
SHA1 bdd24121812378e51518f4ec401867b342ff9871
SHA256 3e50e699b2d06ac0c56a3a53f5457f997a66e3f72f2d18b711bd3d5e799aaf9d
SHA512 0ce4d22a151175cc1f0fe382735d917e0c930f28e7b0b18d838f6b93024b875760fbdabb8f3ba9e42926c6cae19a72b3048cf3cb047f8504a5d01ce7a2ea8d42

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5aa5a7.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/5016-12905-0x000000006E5C0000-0x000000006F900000-memory.dmp

C:\Program Files (x86)\Steam\config\config.vdf

MD5 0e673297c99122d580a889602779886d
SHA1 86bf4acf8c3f6df236904cd543d597df26d285c5
SHA256 adf657a4ff966c8a71058d83eb7f9ffd96e6bb6b2a9ed56194a4ed9604157d70
SHA512 fe31f2de10a02b25c5526cfa245cddf81d4034b7d63ca78f4ad17b1d57a5a8a2c6fea89da9e30164a9583e2027b572624191aa71544bf38af570d6a3bfd0db64

memory/5016-12915-0x000000006E5C0000-0x000000006F900000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2804_1920861025\manifest.json

MD5 2ff237adbc218a4934a8b361bcd3428e
SHA1 efad279269d9372dcf9c65b8527792e2e9e6ca7d
SHA256 25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827
SHA512 bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2804_1920861025\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

memory/5016-12969-0x000000006E5C0000-0x000000006F900000-memory.dmp

C:\Program Files (x86)\Steam\userdata\996293921\config\licensecache

MD5 ed15edb2be0cb0e99467a1166ba4e6ec
SHA1 6354b74cd12b2c9e175e0ccd598a563e274ecc29
SHA256 0e9f95fe884efb76ce04a55c0c24f21f04ea27a96d8c56c28a5b3c91d683419f
SHA512 51b80160b6ebe23b176565ac4eae4fe8a7060ee72e1697965ca8f07ea1672c8a09f7e99b2a7a32c049e50f00a351eea2386e345fcbb8391bf02fb38a6af2711e

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

MD5 78d60950d4c5ee9db95e3170fe901c45
SHA1 72641db7092933334cc0c912f6a7fab12567e14c
SHA256 92a3ddcdf3b9b78f9a0b6af3604c2567a2a9cae023cf53962abab88cbe06cb33
SHA512 a544b5323e16a0e65424a780753a5e503da80175e391940ddba1dd553e0ec85035a05b26348b4578bd0b6faa774cd934620a2e0c24524d2bdb409bc355ccd602

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf~RFe5b04ee.TMP

MD5 5cb6ac16df0600392beae7a5e201ac4f
SHA1 40ad9ea812229d42a0eb23d45190cb850e1c8a77
SHA256 4377ee91feb66388cf34d3d2cf42f9eebda553ddcc56912df90037152787811c
SHA512 9f106f01c146a5a5f6aef1176c41ea749e59be61deed8f3811058b623f3d6716693d4d375d6be723f5b0eb89901e1dab77232eaf67cbe8b0e6b7e6d270988160

C:\Program Files (x86)\Steam\userdata\996293921\config\licensecache~RFe5b04ee.TMP

MD5 b34922bebac7789d6be9a65c7bcd373d
SHA1 20cec4f88715c5f4ce075c91846da60ce8e8c218
SHA256 9336e2bf253e1a96328e1e47714363489c95eb780ac94ca560d177da86e2459b
SHA512 866283e2b1bab2975421ab1cc0ff73158a988c64319b55b139dedb7075a9e423777a13937d2cfc64708a94df20ef14f4b8c2f558b145b83b0f6431bffaf1c53f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 5eaba6131b5d03b43e4665a5844ecad2
SHA1 5b6611293b49b67553c1634c3be4fadb21be74b2
SHA256 86bf2702dc6051ca421d262c8be43039f35ba6c9fd2b179f0cf07209fd9aa070
SHA512 c7aee324040cbeba2b9947132a002db593d19c53c0317a2d0a18b02b7484bed4fa1c48861d18c1a6a4fba7a680624fbbdbaa4b196860d300f5946d77edae00aa

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 df01aed476cfc6c79d7a77ae00e11043
SHA1 45a9b69c39029ef20376a0ef296626160e243924
SHA256 36a6d1e5fba9d7fddb9d964ba5568a526fdad0219ba2f01e2bb35d51cb2f5a5f
SHA512 bffc2b9eaa5914c88b11200a644b8ead15f5638c4129691beda65b60dd422c9a87e532792cda5962e0deb328a9f02a36f194a548e755995524871dff2f4732a1

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

MD5 06568a5cf64ba4a22d1faf5a8d302576
SHA1 0ad7803afee5e24f5200c7bf1a365ddccf957d26
SHA256 c404680d1a9cc3739580e51a005c1af4b67b68bc27573f9f96b8fbafb046ae60
SHA512 d2a8aa181c5c0365ab8163ee9c9a9260b7368ce5cb23462f1e8ec2a6f3407da476f9f8c69205b06684db03a756cfb35a2b9db2632a73e3487355c1391115aa4a

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 6f3543cbe86f1bb6a4f4798977a9abef
SHA1 771b4e8ac028697e0b55af97823a0f60a6134027
SHA256 f3685c9ff884b970f5bb8f2ecb6cad42a97b17768c253153b9232e9929ccd042
SHA512 2cf4763219bf882b0843fcc5876fa40d4966048fee7fc75bd8cb72832cf968dcc4df7248cb85f985f6c5b38a19ab6df08923cc7f75177a2966cf4710d138b041

C:\Program Files (x86)\Steam\userdata\996293921\7\remote\sharedconfig.vdf

MD5 b0f83f7fa83be9f13006982393a0bd83
SHA1 eb2b942b2ecb38e5f99372cb2bd67ee7fe32ed47
SHA256 e8b94ff22034c3f2730029a49e953a58b69d7ee4ec9f2b3cfe2cbf1f3bc29ae3
SHA512 1d93cb6b548106b9fedffaadfb95bc7e7fa39c4a7ee17422d326b6adf82fc1aa9ec569c0e26a99407f8876672634ddf57ff0fcef9de5b2ba0361f4a8363a7869

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

MD5 755090ed19788422d02ce869b0c07827
SHA1 8fee0de9bd62d342fb88cefa1a4dda4587bff912
SHA256 a24ea9244f0de0435f7654c6911ba62055e7d407efa70eece0b39f1df86c64aa
SHA512 02b3e6f528ae39624afd997bdfcbe25d0aca7d26522fad8879538a810eb6e3cd2f5b987b4bd8d343c689368d01aa04e5350714c0fe9ffd3e06c052a0516331b9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 18d1491e3bdde9a7134c3e9fae00b23e
SHA1 cbe3059015b390aaccd5bcbf41b9de094c9c0ee5
SHA256 4a18a53e22333ea934f7e867080aed916e4316fda6f3b87b856f976da47ac48e
SHA512 e291dd255ed9a0e022b632557c4690f46f93dda4d20955e73739abe1722e7dc2325dd902b9b392e8155b3fed11de4c0899cc6a5078b78564f302e29fdb94aef0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 f3ee3dba930c2cf10f61bc733a05ab2b
SHA1 854f8012ae99a84f627ca8078810a0dda8ce2fbd
SHA256 c8035745988936c5b6ec5a35e518f072de208eef362ed010daab79e010097ae3
SHA512 8e99ab607c6c5de2624a2cd4ee71d07e41bc10b6cfeb3631c0b92c5b57d40f214a049d5d1bbbdcfa7dd079d775d305061a6664faa3eb82a02a87dc6764d46728

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

MD5 c5cc32c07a2b7df377c2414a6d86e423
SHA1 2ea5eb3439c4f092d3b3a09ddfe2a4ede0d98dd5
SHA256 fcbb28d7ab86e15233a07aacd88cb7aa9601a52ab60ff4fe3b614854d585328f
SHA512 0ecf8a5fc60e4848e8f8cee48c47230829db2e3794bb6ae8495da5fd0e8422dd29ebe2f6952b4c097e0d58d21bd5946dd200048296d7708122ad17e4496e1ea2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 ec6978fcf94e0610b3ac406ef61357fe
SHA1 25fbaa80b09e904479004558b5697a7c9a381999
SHA256 c413e9804cda963bc225aa2ec061755bf66bcf9f8598183e1d455f2ce62065c8
SHA512 e79309633839cb394fb2cfcca17273c8b8be0ff7233f73838b6d585e4ec5301eddb70f23804448c7429058c23eca4d1bfe6a135e97a2fb251709b48abd059a04

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 ff7d3d66c6dd8e7acb1c79453d94e650
SHA1 8c3f5e07cb97a14c7284cb8b50c58e1269d7d6fc
SHA256 b51cab4835ddff62e6f010718ca7205046faaaf07780a217214836a4b684f675
SHA512 648ef5238fa8fe580ab455969fbb777fc549c1c54b5aab400a5079ad8488dd8ad08f2bc58c6d8e66454900cf55d6d3e7917fa67340b7630d598f8c46ea78c525

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

MD5 6a7660a9cf075c0de18ad8bc08391407
SHA1 73436fdc5001f7c3e12caaf06c376a820f193e4f
SHA256 73d2a72d46d9061d6a9e409a615e7390f4b5d300bfeaa167db4c3d749c460bca
SHA512 bf833403a920cd6fbe91ce043c485ea92dcbd32d09fa658e4cad900a2d92b748ad5afed62b8f837f71b3fd7c977a1600da9be75d2930ca20c32fdba1d92f0d3d

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

MD5 0b8f38d6f219adb6af9a46e34c8b55c5
SHA1 abfb7eea3e2073ef536ef4c020b79dce54028174
SHA256 c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8
SHA512 4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

MD5 a17994636b56a94bd1af32393abef9a4
SHA1 0aff963386bb563bd870c57f56dcc42bd1612927
SHA256 8ee9a35d2a678bd99c85b2976a006799e39b761cfc1f678a0d97294caeba9bc2
SHA512 caed297b0b385c9639f1b2a7cdcd9c011567312600234a4c15fbcd1f6f6370bebf36838d26590ad826cf0bd43927941d12de11cad525a172a62f170e7feaa6e6

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

MD5 009ca439b8e68dbdb83850d51b07c736
SHA1 b8dd1986d15aef3dcba09c954577c780b549c582
SHA256 4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43
SHA512 25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

memory/5016-13244-0x000000006E5C0000-0x000000006F900000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 1d4a3952328b3e26a4651655e4eadad6
SHA1 9fb7b7fc94efcd4241508b217075ee083f6a359f
SHA256 0380b357eaf89bc11230aecaeed9861261e58e1f003c96212938291c79e9fccc
SHA512 ae4c3098684ba78e3b30e68d83dafd3da0cb305fd0172036a82243c8fc9149b81a4331a2bcca2794eb361d1647bb48a4ed6d88a62eb79269aa79b56fc251b380

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5b4b9c.TMP

MD5 a099d4d5fecf17db902a6d7d24c97299
SHA1 0d7cde2af2b9ae2c7e5e37d6cc6757f7d8516b71
SHA256 74bc9bfc92c792827d003a8b17e44486051a9c455cff66b076a39cdac6d943c3
SHA512 3e2a10f1be96ac40b5824184b6d5f11f559e85f73f18f5e55544cabd41212caf7e88420d9a69c468a428580ef7d53ce2a214dcba1d06b28a3fece4aac927667e

memory/5016-13459-0x000000006E5C0000-0x000000006F900000-memory.dmp

memory/2736-13492-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

memory/2736-13491-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

memory/2736-13490-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

memory/2736-13489-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

memory/2736-13488-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

memory/2736-13487-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

memory/2736-13486-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

memory/2736-13482-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

memory/2736-13481-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

memory/2736-13480-0x000001FBA50F0000-0x000001FBA50F1000-memory.dmp

C:\Program Files (x86)\Steam\userdata\996293921\config\librarycache\3590.json

MD5 658d77ff2d828af4ab88302cfc020b6e
SHA1 8a030053cec643018a10f14deda873e738081a9b
SHA256 20582644c5e03de65b7108bf9f20bf50adb1acc190266dab89ed8c9a9d634357