Malware Analysis Report

2025-01-18 23:52

Sample ID 241115-vmx74a1rbn
Target http://google.com
Tags
steam discovery persistence phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://google.com was found to be: Likely malicious.

Malicious Activity Summary

steam discovery persistence phishing

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Drops desktop.ini file(s)

Checks installed software on the system

Suspicious use of SetThreadContext

Detected potential entity reuse from brand STEAM.

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Uses Volume Shadow Copy service COM API

Suspicious use of SendNotifyMessage

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies system certificate store

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy WMI provider

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-15 17:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-15 17:07

Reported

2024-11-15 17:42

Platform

win10ltsc2021-20241023-en

Max time kernel

2100s

Max time network

2097s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\bin\mssmp3.asi_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\GameOverlayUI.exe.log C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_tchinese-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l2_half.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_ring_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_button_share_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_circle.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0310.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0020.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber01.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_left_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0340.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0341.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0503.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\mini_shrink_mouseover.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steam_offline.ico_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_korean.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_square_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_button_aux_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\3590_library_600x900.jpg C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0416.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_touch_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\2805730_header.jpg C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\GameOverlayUI.exe.log C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_german.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0120.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_spanish.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_down_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_Server_Timeout_Steam3.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\nobigpicturewin8amd.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_greek-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber02.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_neptune_gamepad_fps.vdf_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0313.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_arabic-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_down.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\chkSelDis.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_swipe.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\game2_0.dat C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\desktop_steamcontroller_gordon.vdf_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_touch_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_hungarian.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\ugcdownloadpanel.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0401.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\desktop_xboxone.vdf_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\834910_logo.png C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0310.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_020_ammo_010.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_tchinese-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l2_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_triangle_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\Program Files (x86)\Steam\steamapps\downloading\3590\drm\common\fonts\_Arial10.png C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_outlined_button_triangle_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_ring_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_square.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_bumper_end_02.wav_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\config\avatarcache\76561198956559649.png C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_french.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\appcache\librarycache\223350_icon.jpg C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\LICENSE C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\manifest.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\_metadata\verified_contents.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\manifest.fingerprint C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\GameOverlayUI.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3785588363-1079601362-4184885025-1000\{9455D907-C586-4BF0-B7F2-3812C6FF1D40} C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\Steam\steam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files (x86)\Steam\steam.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 154419.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4124 wrote to memory of 2040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 2040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 4480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ffdd72946f8,0x7ffdd7294708,0x7ffdd7294718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff77e825460,0x7ff77e825470,0x7ff77e825480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=15004" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffdd745af00,0x7ffdd745af0c,0x7ffdd745af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2352,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2356 --mojo-platform-channel-handle=2348 /prefetch:3

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x38c 0x4e8

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2704,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2708 --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3144 --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=3868,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3860 --mojo-platform-channel-handle=3872 /prefetch:8

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3568,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3552 --mojo-platform-channel-handle=3588 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4304,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4308 --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4620,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4700 --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4300,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4324 --mojo-platform-channel-handle=4024 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4840,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4828 --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4812,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4796 --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5104,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5008 --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe

"C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=4324,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3764 --mojo-platform-channel-handle=3816 /prefetch:8

C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe

"C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe" -changedir="C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\GameOverlayUI.exe

"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4892,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4724 --mojo-platform-channel-handle=5096 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 142.250.187.238:80 google.com tcp
GB 142.250.187.238:80 google.com tcp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:80 www.google.com tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 data-edge.smartscreen.microsoft.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 88.221.135.33:443 www.bing.com tcp
GB 88.221.135.33:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 33.135.221.88.in-addr.arpa udp
GB 95.101.143.177:443 r.bing.com tcp
GB 95.101.143.177:443 r.bing.com tcp
GB 88.221.135.35:443 th.bing.com tcp
GB 88.221.135.35:443 th.bing.com tcp
US 8.8.8.8:53 177.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 35.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 151.101.131.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 216.21.192.23.in-addr.arpa udp
US 8.8.8.8:53 86.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 52.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 151.101.131.52:443 cdn.fastly.steamstatic.com tcp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
GB 88.221.135.35:443 th.bing.com tcp
GB 88.221.135.35:443 th.bing.com tcp
US 8.8.8.8:53 52.67.101.151.in-addr.arpa udp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 20.190.160.22:443 login.microsoftonline.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.11.108.188:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.135.105:80 r11.o.lencr.org tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 151.101.195.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 52.195.101.151.in-addr.arpa udp
US 8.8.8.8:53 105.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 125.21.192.23.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 test.steampowered.com udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 ipv6check-udp.steamserver.net udp
GB 88.221.134.170:80 test.steampowered.com tcp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
US 8.8.8.8:53 170.134.221.88.in-addr.arpa udp
N/A 127.0.0.1:55741 tcp
N/A 127.0.0.1:55740 tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 8.8.8.8:53 cmp1-lax1.steamserver.net udp
US 162.254.195.69:27018 cmp1-lax1.steamserver.net tcp
US 8.8.8.8:53 cmp2-lax1.steamserver.net udp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
US 162.254.195.75:27018 cmp2-lax1.steamserver.net tcp
US 162.254.195.69:443 cmp1-lax1.steamserver.net tcp
US 8.8.8.8:53 cmp1-dfw1.steamserver.net udp
US 155.133.253.36:443 cmp1-dfw1.steamserver.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 e6.o.lencr.org udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
GB 88.221.135.105:80 e6.o.lencr.org tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 88.221.134.89:80 e5.o.lencr.org tcp
US 8.8.8.8:53 cmp2-sea1.steamserver.net udp
US 8.8.8.8:53 69.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 75.195.254.162.in-addr.arpa udp
US 8.8.8.8:53 36.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 89.134.221.88.in-addr.arpa udp
US 205.196.6.133:443 cmp2-sea1.steamserver.net tcp
US 205.196.6.133:27018 cmp2-sea1.steamserver.net tcp
US 8.8.8.8:53 cmp1-sea1.steamserver.net udp
US 8.8.8.8:53 cmp2-dfw1.steamserver.net udp
US 205.196.6.132:27018 cmp1-sea1.steamserver.net tcp
US 155.133.253.52:27018 cmp2-dfw1.steamserver.net tcp
US 155.133.253.36:27018 cmp1-dfw1.steamserver.net tcp
US 8.8.8.8:53 cmp1-ord1.steamserver.net udp
US 162.254.193.103:443 cmp1-ord1.steamserver.net tcp
US 8.8.8.8:53 cmp2-ams1.steamserver.net udp
US 8.8.8.8:53 133.6.196.205.in-addr.arpa udp
US 8.8.8.8:53 132.6.196.205.in-addr.arpa udp
US 8.8.8.8:53 52.253.133.155.in-addr.arpa udp
US 8.8.8.8:53 cmp2-lhr1.steamserver.net udp
NL 155.133.248.43:443 cmp2-ams1.steamserver.net tcp
GB 162.254.196.80:27020 cmp2-lhr1.steamserver.net tcp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 43.248.133.155.in-addr.arpa udp
US 8.8.8.8:53 103.193.254.162.in-addr.arpa udp
US 8.8.8.8:53 80.196.254.162.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
GB 172.217.16.238:443 tcp
GB 74.125.97.72:443 udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 72.97.125.74.in-addr.arpa udp
N/A 10.127.255.255:27036 udp
US 8.8.8.8:53 clientconfig.akamai.steamstatic.com udp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 199.252.19.2.in-addr.arpa udp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.199:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 shared.steamstatic.com udp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 151.101.67.52:443 cdn.steamstatic.com tcp
US 151.101.67.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
US 151.101.67.52:443 cdn.steamstatic.com tcp
US 151.101.67.52:443 cdn.steamstatic.com tcp
US 151.101.67.52:443 cdn.steamstatic.com tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 95.100.245.51:443 tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.135.105:80 r11.o.lencr.org tcp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 avatars.steamstatic.com udp
US 151.101.67.52:80 avatars.steamstatic.com tcp
US 151.101.67.52:80 avatars.steamstatic.com tcp
US 151.101.67.52:80 avatars.steamstatic.com tcp
US 8.8.8.8:53 187.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 51.245.100.95.in-addr.arpa udp
US 151.101.67.52:443 avatars.steamstatic.com tcp
US 151.101.67.52:443 avatars.steamstatic.com tcp
US 151.101.67.52:443 avatars.steamstatic.com tcp
GB 88.221.134.240:443 tcp
GB 95.100.245.51:443 tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
GB 104.83.1.150:443 tcp
US 8.8.8.8:53 240.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 52.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 150.1.83.104.in-addr.arpa udp
US 8.8.8.8:53 shared.steamstatic.com udp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 88.221.134.240:443 tcp
N/A 127.0.0.1:27060 tcp
GB 104.82.234.109:443 steamcommunity.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
US 151.101.131.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
GB 95.100.245.51:443 tcp
GB 95.100.245.51:443 tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.82.234.109:443 api.steampowered.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
GB 88.221.134.194:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.194:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.194:443 steamstore-a.akamaihd.net tcp
US 8.8.8.8:53 194.134.221.88.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
GB 172.217.169.67:443 tcp
US 8.8.8.8:53 shared.steamstatic.com udp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 lancache.steamcontent.com udp
US 8.8.8.8:53 shared.steamstatic.com udp
US 8.8.8.8:53 cdn.steamstatic.com udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
US 8.8.8.8:53 cache2-lhr1.steamcontent.com udp
GB 162.254.196.9:443 cache2-lhr1.steamcontent.com tcp
US 8.8.8.8:53 steamcloud-us-east.s3.dualstack.us-east-1.amazonaws.com udp
US 8.8.8.8:53 steamcloud-us-east1.storage.googleapis.com udp
US 8.8.8.8:53 steamcloud-london.storage.googleapis.com udp
US 8.8.8.8:53 steamcloudfrankfurt.blob.core.windows.net udp
US 16.15.184.59:443 steamcloud-us-east.s3.dualstack.us-east-1.amazonaws.com tcp
GB 142.250.200.27:443 steamcloud-london.storage.googleapis.com tcp
GB 142.250.200.59:443 steamcloud-london.storage.googleapis.com tcp
GB 142.250.200.59:443 steamcloud-london.storage.googleapis.com tcp
DE 20.209.32.33:443 steamcloudfrankfurt.blob.core.windows.net tcp
US 8.8.8.8:53 9.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 27.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 59.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.32.209.20.in-addr.arpa udp
US 8.8.8.8:53 59.184.15.16.in-addr.arpa udp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 110.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
BE 18.239.210.27:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 27.210.239.18.in-addr.arpa udp
US 8.8.8.8:53 62.215.239.18.in-addr.arpa udp
US 8.8.8.8:53 223.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 cache11-lhr1.steamcontent.com udp
GB 162.254.196.9:443 cache2-lhr1.steamcontent.com tcp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
US 8.8.8.8:53 cache7-lhr1.steamcontent.com udp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 88.221.135.105:80 e5.o.lencr.org tcp
US 8.8.8.8:53 18.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 6.196.254.162.in-addr.arpa udp
GB 162.254.196.9:443 cache2-lhr1.steamcontent.com tcp
GB 162.254.196.9:443 cache2-lhr1.steamcontent.com tcp
GB 162.254.196.9:443 cache2-lhr1.steamcontent.com tcp
GB 162.254.196.9:443 cache2-lhr1.steamcontent.com tcp
GB 162.254.196.9:443 cache2-lhr1.steamcontent.com tcp
GB 162.254.196.9:443 cache2-lhr1.steamcontent.com tcp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
GB 162.254.196.6:443 cache7-lhr1.steamcontent.com tcp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
GB 162.254.196.18:443 cache11-lhr1.steamcontent.com tcp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
US 8.8.8.8:53 api.steampowered.com udp
US 8.8.8.8:53 shared.steamstatic.com udp
GB 172.217.169.67:443 udp
GB 95.100.245.51:443 tcp
US 8.8.8.8:53 client-update.steamstatic.com udp
US 151.101.195.52:443 client-update.steamstatic.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 88.221.135.98:80 r10.o.lencr.org tcp
US 8.8.8.8:53 98.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp
US 8.8.8.8:53 p2p-dfw1.discovery.steamserver.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 557df060b24d910f788843324c70707a
SHA1 e5d15be40f23484b3d9b77c19658adcb6e1da45c
SHA256 83cb7d7b4f4a9b084202fef8723df5c5b78f2af1a60e5a4c25a8ed407b5bf53b
SHA512 78df1a48eed7d2d297aa87b41540d64a94f5aa356b9fc5c97b32ab4d58a8bc3ba02ce829aed27d693f7ab01d31d5f2052c3ebf0129f27dd164416ea65edc911c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

\??\pipe\LOCAL\crashpad_4124_LJBYFJJCXKZFHHEC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 843402bd30bd238629acedf42a0dcb51
SHA1 050e6aa6f2c5b862c224e5852cdfb84db9a79bbc
SHA256 692f41363d887f712ab0862a8c317e4b62ba6a0294b238ea8c1ad4ac0fbcda7a
SHA512 977ec0f2943ad3adb9cff7e964d73f3dadc53283329248994f8c6246dfafbf2af3b25818c54f94cc73cd99f01888e84254d5435e28961db40bccbbf24e966167

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2b6c888a06b31eff322c5895307794c6
SHA1 cc6f85527d832f78673171626e4a9f79774b3911
SHA256 a738f2b879c2ac91f9ed14ecce4a5d6e3b6bf7aae2058fbce034d544b99b38b4
SHA512 9f1a3b7e46f6207c0f88eb17eb2547ab7e3f91df5c1615b4d4547d985758d209693dac3fc560a41fc5194c4eb276987e43c5163cfc4e6da0d8464435c0f24a0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 952a6e3cbc50f011cf2f04c9470080ff
SHA1 a0d6a2509af73e523c970f6e4351861bde63d6db
SHA256 faa79ba7dfd140106187ab50f14aa7cca13650f94f796419bc0a44d7a2b79d5f
SHA512 7955092a6086f05268e4b0f88648d9275020b6cad83f81c90eac5a7cd994cc243b8dfab579d4335db62f3577fd2d8a7fbefcad6cc615e2bcf1d014115056cde4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 8dc8763a148dca2a100476d75a527f29
SHA1 7b9c77887bb66f557cafd729289149b5ad6c519b
SHA256 aa2ecbb60ce656b7a0a079391482eeb3b8c613f6e5c142efebea600b8e8b329f
SHA512 e0528f15e4c667d464a7eecec690e656e1fa803a22005f66aef580bc323ef301758ade132d3da56373dd752c08efaa02e6e0efd1ca8a89e1e9d7c040123889d1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 dde72c4790659a377af36a88cba22692
SHA1 dec6440e7b8e34d6a319f2fad372940a609ca184
SHA256 f5c9f21c643ed8abf6701adbdd4f7e9714c9753a89e0b66bac73f9dd8cacd670
SHA512 33cdaeea31a0174a72438813251b7da13b163e93e3adccacab1ced672acac3d92fe6ade30b0491228872c6b7e708b26ddd22e38f2f8ac93e5824e90efb7e6b6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f82ccf3b0b56fbce4c55dfaa83777b9
SHA1 2762c29a5f02055c8df93ba3da47409de735958a
SHA256 6fe1259fb08fa00fe8290a4d4a9577d9dd1428c2d7768e65e40b797086b7fc19
SHA512 10c5acf41ad4e88b8405dfac39dd96bd30e0f7b1b439234ba4e424798bc9d2c3b319be193d328e619ae29cd9c327b523da32eabdd19d7a6a428fb805bb174635

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b41171f15a4f73ec8298de7cdcae725c
SHA1 53f55fd94ca6d725b1f9fc9a77d7c4a75f8a35e4
SHA256 69ef5d77fdb4a261be6a5a98208160205f208e5b2601774ba5a8af6b1e79f92d
SHA512 4f8d82cc0338fcc1f145c6819e5d8f8d506a66b1ba63d0d2dbcc03fdb96ebede192482d2ebf00f26e58c233a3fba29f5761ac669abd253e6a2a14d622f84b569

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 74d9eb5260fef5b115bec73a0af9ac54
SHA1 18862574f0044f4591a2c3cf156db8f237787acf
SHA256 7d7e7b38664d625a0bbffbcb7882b175709e92987bf9da113c4745fafbbc361d
SHA512 b85917201b1d4b4542a4424ce40ddd083ddbd0e230e1931fe6f7cdd2aa3d8a0eec8daa743ddc5467f0a92da5594144c602081d941b216ca9cafdfd3c150d32d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6143a4b4b2656e90855c37d13dee39ee
SHA1 bc3d9be647ad30ebd40f04e10839a43e42dab73b
SHA256 6fadc23a9845310d0cde2caa20772e134e85d2c508ec5d9c83977f7aa44807eb
SHA512 28ed532fd2a99e0bdfc8b66e62b31b501ab8f039efacf5374f3fe31afb7e4c0f29b56abb1952d55964310aed5c67c299b9c32e9d2d1ac399fa38f76375edc0f5

C:\Users\Admin\Downloads\Unconfirmed 154419.crdownload

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7ad895969d93f2b70290127be224dc33
SHA1 dc99272ebf9d4e89d476f489436b4167dda97086
SHA256 33f1ce0417bbb7d20a0ae15b987cc89dca1ed346d7fad1e03a75567b9e97e88c
SHA512 475e147f5e596bb83b2a795809d36d4bf868867a6d08a69935fc02833c149a414cad4c91c4195c010c28ecb4eafa10d295e88f67c6602c7fe0a9ced8693e4903

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582bfd.TMP

MD5 de9517bd93456494b36fc0f6d66e18a1
SHA1 2098830a5ea9372665e645035df085da0a609156
SHA256 9c923efbe9f3db3c32a6d10ad0f8acd52aa93b638efae7d2c8fc3aa0fc09b59f
SHA512 2e59ee4892677402924b17f7d7b29a38d1d49153be49aa3a394d62ad320385111bed59b3aa35e212ce5d84e76fa47d21469fddd52c6ebe39bf9b8aa204a7ba7c

C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Program Files (x86)\Steam\bin\SteamService.exe

MD5 ba0ea9249da4ab8f62432617489ae5a6
SHA1 d8873c5dcb6e128c39cf0c423b502821343659a7
SHA256 ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d
SHA512 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt

MD5 53f7e8ac1affb04bf132c2ca818eb01e
SHA1 bffc3e111761e4dc514c6398a07ffce8555697f6
SHA256 488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83
SHA512 c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70

C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt

MD5 194a73f900a3283da4caa6c09fefcb08
SHA1 a7a8005ca77b9f5d9791cb66fcdf6579763b2abb
SHA256 5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6
SHA512 25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

MD5 b2248784049e1af0c690be2af13a4ef3
SHA1 aec7461fa46b7f6d00ff308aa9d19c39b934c595
SHA256 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690
SHA512 f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

MD5 66456d2b1085446a9f2dbd9e4632754b
SHA1 8da6248b57e5c2970d853b8d21373772a34b1c28
SHA256 c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4
SHA512 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

MD5 56dcf7b68f70826262a6ffaffe6b1c49
SHA1 12e4272ba0e4eabc610670cdc6941f942da1eb6a
SHA256 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f
SHA512 c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

MD5 e04ad6c236b6c61fc53e2cb57ced87e8
SHA1 e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4
SHA256 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e
SHA512 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

MD5 6367f43ea3780c4ee166454f5936b1a8
SHA1 027a2c24c8320458c49cd78053f586cb4d94ee6f
SHA256 f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998
SHA512 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

MD5 9b0b0e82f753cc115d87c7199885ad1b
SHA1 5743a4ab58684c1f154f84895d87f000b4e98021
SHA256 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32
SHA512 b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

MD5 58e0fcbee3cca4ef61b97928cfe89535
SHA1 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b
SHA256 c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425
SHA512 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

MD5 7913f3f33839e3af9e10455df69866c2
SHA1 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25
SHA256 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c
SHA512 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

MD5 202b825d0ef72096b82db255c4e747fa
SHA1 3a3265e5bbaa1d1b774195a3858f29cea75c9e75
SHA256 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314
SHA512 e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

MD5 7e1d15fc9ba66a868c5c6cb1c2822f83
SHA1 bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7
SHA256 fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265
SHA512 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

MD5 8958371646901eac40807eeb2f346382
SHA1 55fb07b48a3e354f7556d7edb75144635a850903
SHA256 b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585
SHA512 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

MD5 1514d082b672b372cdfb8dd85c3437f1
SHA1 336a01192edb76ae6501d6974b3b6f0c05ea223a
SHA256 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4
SHA512 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

MD5 18aaaf5ffcdd21b1b34291e812d83063
SHA1 aa9c7ae8d51e947582db493f0fd1d9941880429f
SHA256 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5
SHA512 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

MD5 189ba063d1481528cbd6e0c4afc3abaa
SHA1 40bdd169fcc59928c69eea74fd7e057096b33092
SHA256 c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695
SHA512 ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

MD5 5c026fd6072a7c5cf31c75818cddedec
SHA1 341aa1df1d034e6f0a7dff88d37c9f11a716cae6
SHA256 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382
SHA512 f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

MD5 10c429eb58b4274af6b6ef08f376d46c
SHA1 af1e049ddb9f875c609b0f9a38651fc1867b50d3
SHA256 a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13
SHA512 d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

MD5 9e62fc923c65bfc3f40aaf6ec4fd1010
SHA1 8f76faff18bd64696683c2a7a04d16aac1ef7e61
SHA256 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7
SHA512 c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

MD5 da6cd2483ad8a21e8356e63d036df55b
SHA1 0e808a400facec559e6fbab960a7bdfaab4c6b04
SHA256 ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6
SHA512 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

MD5 31a29061e51e245f74bb26d103c666ad
SHA1 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc
SHA256 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192
SHA512 f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

MD5 03b664bd98485425c21cdf83bc358703
SHA1 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb
SHA256 fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115
SHA512 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

MD5 2158881817b9163bf0fd4724d549aed4
SHA1 c500f2e8f47a11129114ee4f19524aee8fecc502
SHA256 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7
SHA512 f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

MD5 4c81277a127e3d65fb5065f518ffe9c2
SHA1 253264b9b56e5bac0714d5be6cade09ae74c2a3a
SHA256 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
SHA512 be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

MD5 0340d1a0bbdb8f3017d2326f4e351e0a
SHA1 90d078e9f732794db5b0ffeb781a1f2ed2966139
SHA256 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544
SHA512 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

MD5 eb8926608c5933f05a3f0090e551b15d
SHA1 a1012904d440c0e74dad336eac8793ac110f78f8
SHA256 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04
SHA512 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5f2067d49143ee573f33a51ce1b882f4
SHA1 968854c786783ba9d3035a99e1bd97d56bd034b3
SHA256 49403b795696334271b999c96c490f021d6b9c2e1128fb728c3e56912c3afe36
SHA512 6cf281ef9e29c22b901073b79f225d63fef068f9d1ba0b20a62dc66be183a0471dc47295db5843af098098388142829f2a9fd3b8d1bb48050651a00704227fb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 15ea2d55187a4ccf5438cc301de70e64
SHA1 fa466439b82cadc275e646ba4444610b983f838d
SHA256 dcbe45f107b93bf48b7f6c56e5b3d7868720ae408bfdcf5049ef0c4f37b832f3
SHA512 9698d061f61edcbadfee3ceef002b5a3178ae012fe1186ea7ae0c993ff61f32cba49c9a4ee772d66b46fc7495bfc6c8e0e4482c6cef8eeef207c223546f87b42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ba612a347b0256ec6ee656a9ec72c1b
SHA1 82514c8af08c52cf21c08de716773d7cfb7ae98c
SHA256 3563c7f9f6d77ec0f85d21012a46aba1aa7092ddc5811c30483da4baedf6bc27
SHA512 91d11742c1f530bac55a97383681e760b441dd58b65c789be533d5d55168fe5914cf30c12ff62549b4c7bb3c7faeb2513589150256fb004395688f6227c31be0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 73ed1163c0a3b41369e3490b743ce827
SHA1 2b29da4c1384267bf73da886a8356d3dd9c66dcf
SHA256 abb41f54ab6ca03d47fc1a05b9e22f233d488d89cb3bac23c3c13a61e227e4b5
SHA512 88678eb41789f528cad7f432fb194f2eaedebc84d77187c26db3ab0a0b58e4d94d919822e84c833668ee484e2b8573f03fe1262e3300b877f9194dbc57bec0b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef8bfcff41ecd0a6a4645e7b7b4dae52
SHA1 d717ecc64faa4f8641d5fb6da1a59d5afd767c38
SHA256 9cf11060da35dcb64ea582129a9d102e425e4f4fffe8beac67572799932826f8
SHA512 eb9442c603291362475477798f8e65340551e9684ba88715320d0fa4fc9403f1fce14e5eb905cc28539978c8c314670913770543a293c1770f1856ea20040d8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 38c43ed16553421ddb3e97865ca43fe5
SHA1 134cae44131e1fb984ee21aadf35f5ac4b0e08c6
SHA256 53fba3f30e6fd03bb606608412b5b207419c373f6e7299e05a328b0fc1b2ca91
SHA512 a650d8b8afe54e374ed7a3d1998c1aa196288b5683dfbcb3705641f6ed2a8242c84964afb335ad121735b558fb93f61d489fac516d8d9bf6cb34050852898e50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 3997a77fe917bf0af140fdb5198eb1be
SHA1 115905d513f08bac9da62f3e77490aee1f905da5
SHA256 1fe1d449f3b5ea4e55c6814df04fa668e5e9a60a2c50906ec2bb05160f66016f
SHA512 c92624583d35f96ba65820e66fd0af0eea4f667f3c937940fc60c6e0a9b1fe781e04da2ea01540855684bca5d43f176a3bb71bbf212dd54183ab17bdbcb8faf4

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

memory/3724-12942-0x0000000000E80000-0x0000000001332000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Steam\htmlcache\GrShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

memory/15692-12976-0x00007FFDE6500000-0x00007FFDE6501000-memory.dmp

memory/15692-12975-0x00007FFDE4F00000-0x00007FFDE4F01000-memory.dmp

C:\Program Files (x86)\Steam\config\config.vdf

MD5 6e6a2b18264504cc084caa3ad0bfc6ae
SHA1 b177d719bd3c1bc547d5c97937a584b8b7d57196
SHA256 f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53
SHA512 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

C:\Program Files (x86)\Steam\config\config.vdf~RFe59f478.TMP

MD5 3cdebc58a05cdd75f14e64fb0d971370
SHA1 edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe
SHA256 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7
SHA512 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

C:\Program Files (x86)\Steam\config\config.vdf

MD5 a2ec2e91c3ef8c42e22c4887d032b333
SHA1 e2c738a2e9400535b74e2263c7e7d1ecefe575f2
SHA256 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3
SHA512 b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

C:\Program Files (x86)\Steam\config\config.vdf

MD5 b9a792185974737666f52155c55078d4
SHA1 a9f6fc173b288f9e06fa7d1e092b340fac161724
SHA256 c82598077f05033efed1bf3213ab386257c629157bae772c1f6503d68c52a772
SHA512 72b6dbc560b1a166b95b60fb3262b4388987017e950ca35415b175b7032ac7c2934f26c123d5d94c58be7db4fb3cb6df2a0f7700b04c4582933f97bb157c77e1

memory/15004-13098-0x000000006E080000-0x000000006F3C0000-memory.dmp

memory/15068-13099-0x000001F913190000-0x000001F913239000-memory.dmp

memory/15692-13108-0x000001DE3D830000-0x000001DE3D838000-memory.dmp

memory/15760-13109-0x000001D8B2B60000-0x000001D8B2B68000-memory.dmp

memory/15760-13110-0x000001D8B3080000-0x000001D8B3129000-memory.dmp

memory/15004-13116-0x000000006E080000-0x000000006F3C0000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

MD5 602c49f9246967bdcff45b4f43cf2fb0
SHA1 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d
SHA256 a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114
SHA512 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5a419e.TMP

MD5 68b20851ccb9834d21fb32615e42bd43
SHA1 88fab935f0b9484994097c08f785e9ecb7d68127
SHA256 a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f
SHA512 dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 031b987ee716e92fedfa92aad96c4d8b
SHA1 fd293c9c27d97e724de93cddf1f4fbd6673b5735
SHA256 918af5a7c617e6a95d19364ee19467a653b87036f35ae7b75531772f47a5602c
SHA512 859a9b5b30136b39370534530545b6940d29e24b46b831431be569cef87eaa3b7f82a39eded090ae28f644f876d501ea453160d107ff76d0048845bdd43eb912

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5a476a.TMP

MD5 9e11d356a6b9a4bf77bae3cde3e1dbc9
SHA1 e02d37f5f82e04873432f346386d2772cc88835d
SHA256 9c3118f431e885fe4759956aec07ebc8fd9e7d9294cf7ce56affcc2bd3e81c57
SHA512 40d4dacfee9e7362e0fa3ed909e93bdba0c4bc050ad2da94bc2037225861f8343f3113a4df9d1f4ee7484393656feed94714706845d3634389c15758298e59e4

memory/15004-13140-0x000000006E080000-0x000000006F3C0000-memory.dmp

C:\Program Files (x86)\Steam\userdata\996293921\config\licensecache

MD5 79961e6dc460016561658df194fcc820
SHA1 b7f8184193eeb47db1174c09422901f8ad509129
SHA256 cf9da0162aa43ecd7871e3f6e1606472acfd911a0f673c88c0d74641492f3db1
SHA512 5d4e22f3ea23c0d19412aae23947501290833a0f369cc03c8f6f2df0e7b13a760aa43c4e59b66afab10f87f4969e8925426bfcc8b7f78ef93497adeec54c91fd

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf~RFe5a6ca6.TMP

MD5 737431d9989102f5e16ea5d9f6527fb9
SHA1 d626f6d6c58327e6e8651d3b88b1a6f0c315db95
SHA256 3526b7443b185cd4d92fc324674d3be4da31126cb6fbf00ec24c43b509ea9b0a
SHA512 93da2a33d372f90081773e77c03879d44c352048a6470bcb59472d3679a3fcb953801ffe49a958ac6322a95a46dd69082fd61aaa0bd66b6f9759e0951f800eab

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

MD5 df22ea1aa0cde8914fa5c4233387f94b
SHA1 6fba38664fcadec15c21be9ed4403a83130fee71
SHA256 e66231f27c2cdafc192ce0266e2e23e51ec061e9fa99c223d4f41726ed6c0b26
SHA512 9ff219988fad14d4c2a9c0c3c321fcbde05e5bcf3b74f3e7162faf44ffb17d5e51bb44f4d00c43386b90e39fe82d31f0dcac5a8f98bb1a42422e14d102bf425c

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

MD5 a6043f916b3f91ee25219ff397d398fd
SHA1 956e50842d777710afd2d50ce66544d0d7c595ac
SHA256 38822d29743992c9d5fd3a3c32f7daa8f258eb128318cba24ce42935401be111
SHA512 97a4722ed9486c1faacc592aa9a4c88a195d498312cb9dc9a9ae9f1fd2d349469f8ea1e9889de828418912018f052771cc015f3c56fd8ea7bae55ec06627b55c

C:\Program Files (x86)\Steam\userdata\996293921\7\remote\sharedconfig.vdf

MD5 b0f83f7fa83be9f13006982393a0bd83
SHA1 eb2b942b2ecb38e5f99372cb2bd67ee7fe32ed47
SHA256 e8b94ff22034c3f2730029a49e953a58b69d7ee4ec9f2b3cfe2cbf1f3bc29ae3
SHA512 1d93cb6b548106b9fedffaadfb95bc7e7fa39c4a7ee17422d326b6adf82fc1aa9ec569c0e26a99407f8876672634ddf57ff0fcef9de5b2ba0361f4a8363a7869

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 ccb23a5c7b3095800fea7d8cd6a908bb
SHA1 9eb90cbb88d0a7621be95b80f87a782f48839ba2
SHA256 19c3124781d041de40619e9c4f56bf8051d224a22372107d427aa49ca9a22872
SHA512 67381f244db9cdb9c07231e2454fa6e39ba8cdc9d2c7286bd7db76c0bac00f49c268c333fff0b36b970be5aef1d2386cce1615f972a6258d1f49af483c88ef02

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 a16eef7340365b4844b0c6494a53a64e
SHA1 a6f39248e88cf0d039916810ba90eb585e3126d4
SHA256 7e1bb4de41ab9e1fd7f6e4463629f8a7c8776bd687ad9b671febebfbca7add9c
SHA512 9925e9bb8e7aafeb4e380dea7b4ac71481aa4576c0bc9523dbee3a6bf66f686a858224cf6471ef4614c78a36811a981e73643699b0a96289be517e858111f836

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

MD5 e0fb7d3dcfb5935136cd9e2ee1e5da71
SHA1 cd2f86b2f913b7b3bb278c5af78f151b4fcdb780
SHA256 e31c6a420057ff3b1b4e5cf0ef28086ac9b8b03c536a3ce4e0a9d8acdfc6cf2c
SHA512 802f5139e88b5124f1f1c6e63dcb6d4a2e6d892d0bee7ccb137ce045ad5a032470438b2b87355c3b4c1dbd2b30d2ce464d266add82326c2faaab2a17fd9c4194

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 44a4e9bc81f4f949cb9282d359c74ae9
SHA1 63e2275a61e3c8d87ad33297e5f8be3cac678128
SHA256 ffc52692f8e55aa37b7aabc52215693af1e94f9a5462756c39b05621e3824b2c
SHA512 eb8963d5e59556a90196bfc23b8c647c52081709d30d97b75974ec87aa278ef865453be9430f2616ca810b53683d4cbf5da043684f08f5785862aa607d7962a7

memory/16688-13253-0x0000025CF4700000-0x0000025CF47A9000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 3279eec6c21da65efed961bec26a037f
SHA1 e9e066944d0e5d5ecc9561cccb0208ea9297edb6
SHA256 cbf8703cc0c55848a010be0f1cc9782313e934174bcc7f36f7a532d2ea51b1ae
SHA512 b9df61f05aa425749c2cebffb0a2780b67ae6937d1edb556d7f63d617a7e2bd55ba84ba2964ea185484746ce3a8d12c21ce7960d0880cb2e1305eff6229312e4

C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf

MD5 1fc18febb2704105d3c407a1f6c68922
SHA1 1529e8c26f416398ab2c349c355f390fd7600ff4
SHA256 17815379a49bd6d8c1436c13ebc04329f8a5bea24cfa4d87654b342e5cc53183
SHA512 b176eedbbbc00fcb776170e137a0a7fd5702e0ea3af44881a855cc2628a028cc403d7d23c9adb432f14fc614c69993ee265e2679854e991ad35a59e3330542f9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 f42d2f49de69ea5190c8fccacb2d5428
SHA1 c4be08b54c1a93e28a23ab201b919d534c53bbaf
SHA256 c47efcdab23bfadb62a8108c28c175ae307ac5ac08ddc815383e8f32f0d88fc0
SHA512 6186de525ce6c567de3cd131a722546d6e038b696d0d621ee197f310d8ffe866160c5a169f5cf3139ff3edb5e14be9799b96d41cd2783f51bcf3da55c4c82415

memory/15004-13389-0x000000006E080000-0x000000006F3C0000-memory.dmp

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

MD5 9283e8f3984c6c7b87d772f36721a0ad
SHA1 864f9fa32988fb72d919de12b93e7f56942849e8
SHA256 9d8d4f60565654379c5096e62b0930fc9e87cf49259d31af0a9034fb790a7d50
SHA512 9858a8ae89a520eb5ba0126fef080539d7b849498243b1b30f72b915b3b12a48e13712eba8f87e2939630ee44b8c55f894092e38390e6094b756422a784de087

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

MD5 0b8f38d6f219adb6af9a46e34c8b55c5
SHA1 abfb7eea3e2073ef536ef4c020b79dce54028174
SHA256 c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8
SHA512 4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002

MD5 8f661b8c2dc08d06a2992b1006fbf95d
SHA1 51f7614ee218ca027670a3bb0d7cfe1f23869602
SHA256 8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a
SHA512 80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003

MD5 944531387ce01bdf7ad736937b9b13b6
SHA1 df6268ebe74638714887588a1f43506b915e717b
SHA256 d6c997210287cecf290cc7c5cc99c13a46d874786d1747cace5f00713069e2a7
SHA512 25cbff327f7af6013476a5453847a5f0a4354a8efe773a4f7f8e29c4b8c12ba8105ed344109cf0a83ee6fe986468c2318b212d2eddc1dc2a6fb4ad9c7f9fc4c2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b

MD5 7ba2988724b43c58850ce67b80289d3f
SHA1 441dc568f1ba2b86541a5424a269746b45a8a3a1
SHA256 2d42bac87f38f3b59963c4a149970f96ed871f5b9216e463c9878ff08f056642
SHA512 295e9316083d27821622f83229e5c86699ea9b27f5b5f054e689fa8190d84686127f878569338a830ba9d0e4d5eda8259326fee6f42d8845440100e99436293a

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

MD5 b63db6116a515c8ec16b58bbb1a0db89
SHA1 c8b53c1566bc23bf614f3faf2dd0e2be49aae50b
SHA256 58cf7a378014be774e0348655722edbf63b5470f6a4e84b19bb46e10349189a1
SHA512 b114bbb09dab653809bc63b9b7ce66be04b4baa50fa4ae938b1cafd86eac94b7742ece421fba8c491ad3b95980960acc9d30dc6f0c5e609f1494571583641ab7

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

MD5 1044a2c8b2a2fbe3768b96eea4febde0
SHA1 d358bb622e287edffd920f3d48d7d81d824729f5
SHA256 263dc1acc920ec09e81d5c67e2edd8e53194a121167e08513410174a3b1e3022
SHA512 6d7f68697c7142060bc25e2e9263525e5e50ac1b2081f7741dda59a15779bb0ce9a29283887ff37d80c438a227494e78ceb648a3677bbfc73f6331b4c9794df3

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

MD5 31b05e57c066452d73ab005bb42865f7
SHA1 2a8efd5d7753dd756c539ad66831b01f603fb13c
SHA256 84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071
SHA512 f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

MD5 3e4ece701c7a870cbb5bd42ea916d816
SHA1 26f60d9fc12dff15f9c618001b4cd61a481b86fb
SHA256 9082884d69e4b9a0f1090c330c6b25b19a71a2084cf1eb8cb113105d2b116a6b
SHA512 74f5b0d39505f8da3cac088442d954ae58492e7ef04f2f8c542b1f2065fa044ec427e2912d69f53192ff3025d0256b6b85b770d47500ba7c56d77d4ec177da0b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008

MD5 4d01e326592ce2f559ff1613a10a00f1
SHA1 fb1c762040ee1e36bcb7c44674638b32040fb74c
SHA256 56c9ff85451fcbe3d0c8a80051d5cc690d9731fbdedb6549b4386c6010519078
SHA512 e8f9cb416f7ef90613812861ac6033d712526dc3fa11ef59a1b5929f649a063c176024d2e3e3cffc5ec33e7f516e5fb3d082947b059ef812f701eabaff17b16e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009

MD5 48ffef4fc267c7350a37339001bd1a02
SHA1 9379041d4d542c116b420d014c7ebb68137a008a
SHA256 254467e453cf3cae3c70085b41462cd71b233c247b5e212f444347537b4c4873
SHA512 34b459dde39b3056e2f0a4c593b342d32829c9eebb2b01f146aefa0d54f0b52ecf4954873cf76b424abb25f84370d0b5ac06fdac734b397a7444b4b64b4d52f6

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e

MD5 f222656f7796794674f732c474a033ac
SHA1 cea879731968ace9befe205c55679924f033464e
SHA256 2d9259afe79e20ac65865133ee69f28563201da61bbd8142cd964fd0097170d5
SHA512 9a2b31a325d8030a2aa6b5a932a8c56476a7bf995ac61d419e81477a0c7ecf5e92d5d4884a3d3fd9a67bd33dc619665d5e3bc05c3784c3bc51333abe4332b449

memory/17636-13588-0x0000011A89DD0000-0x0000011A89DD8000-memory.dmp

memory/17636-13643-0x0000011A8A480000-0x0000011A8A529000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012

MD5 487b3b54635e5e78cb40f06019e3d266
SHA1 5f27d3247d223035162688d39b8ca8921d662c38
SHA256 6ee6a4b5156c04085388db04e54cd35f0b77f68902545cdcbda5367503c0979b
SHA512 64cdd50b84d9cc6a8b39c70bf7c442e11af54401a02fa745d72f0a12fb9e72a64b9f2772bb8a98c489ab18a8d5fb6ff753e6c6922e2fe86117eff2fa63efea77

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013

MD5 757750902210ff3c0d12dee4dc5165c6
SHA1 a3599ca4bd5da9fb9c83e26813ef62327c541566
SHA256 72ff7d67ddc7bd23885cbba07f3889be27b50cb597ba41fd546343416676ba67
SHA512 ef5cb66e561d5f208a872c65b6732bdaa082d421f9815c8a5a439d5e749890e032c2309c1d7ec66d93d1f897941bb5e2c5f860fd9cf8e13adfbf1ab60aeca27b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000011

MD5 4d9ecc70dde56858a3451017cd7fd8d9
SHA1 88189cff695c454384884888ea46d9c11060c811
SHA256 e10acc2425b736f904ca0ec762a77b516ce7cea7391354841199e55750eee287
SHA512 dccdf161353e3fbd904b63f646ebf616e9eb977d23933575a307336aed6bb044902e11dc5990aa217f7b8cc16e190a968fc9077fe74f335c195c72de46c6f60c

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000010

MD5 38aefef2ea44c17d501cbb38cc0c7e54
SHA1 55dc9404f34f790e42508ea8d74d6ac87c8d6a94
SHA256 29f8a8da900ab06670e7e9c437bd27528ac311b4995d50c702972b29440ab194
SHA512 6cd0e45c109d9ef0e0a3419246af71b9dcca214775116bc5c318df53ab906ca33197d831d0b3c05ba004fd31889a5086454eb6e0ef12e594035d3b89f1d1e157

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 faab6196de825234ec682e2326b70ffa
SHA1 9f2c1d434fef2a97485aea8d53d99684d7f4d23d
SHA256 9e0a70cb5756dcbf975224737d8cb53ee3c04f4dc68f07f42e8b8e416f777ceb
SHA512 01f394e36e470c5082c74ffa43e6b62ef7b8feac16152784cb3516c3e2048e0c1cf643c6726cf2716783e1f7715ad3d4c56d569ecd051236d1e3ef8f592aaf17

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5aa6a1.TMP

MD5 1c36c1c6e36680eeb0dbf197fb122126
SHA1 17d90ccfef115648a5c7a25027b282c91195b9bc
SHA256 48577506849606ff36696881c6c9e1dad82427597702959a5a4c115834a08f6c
SHA512 5d6d04cea2d730cc48d5a243e3939a98a81bdde3cf12b97518ced1dab7b2dd4e5987d6bd8eca86b382473fae1c7f0417924a820eb2f7472f1a6f219cb45202d3

memory/8616-13781-0x0000023094B50000-0x0000023094B58000-memory.dmp

memory/8616-13782-0x0000023095380000-0x0000023095429000-memory.dmp

memory/15004-13793-0x000000006E080000-0x000000006F3C0000-memory.dmp

memory/18076-13904-0x00000220CEFE0000-0x00000220CF089000-memory.dmp

memory/18076-13903-0x00000220CEBD0000-0x00000220CEBD8000-memory.dmp

memory/4432-13956-0x000001C345860000-0x000001C345909000-memory.dmp

memory/4432-13955-0x000001C345380000-0x000001C345388000-memory.dmp

memory/3452-14087-0x000001A2D8720000-0x000001A2D8728000-memory.dmp

memory/3452-14103-0x000001A2D8F50000-0x000001A2D8FF9000-memory.dmp

C:\Program Files (x86)\Steam\userdata\996293921\config\librarycache\3590.json

MD5 6c334d6e1bb895bff1e206b8882a8c43
SHA1 2ea3b6cc406b988462433f0a2bcf987875167f6f
SHA256 b8120b3d192d24828b1aaa454c2569d7a203526f130013d906de7b1646d9369d
SHA512 3c91d3b2e35c4136cab81b0ea818f25d3f04fa391cf89a3c4fc6e65caf450b53dae8ce35d0f2989c99b0d34b353814715495018b45952b7683ff4fd9e7e5c9f9

memory/15004-14144-0x000000006E080000-0x000000006F3C0000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 032e9f492375886553d043dca3c298e1
SHA1 1c4571acb836b013d14c6a8f4aa86520e19b3df4
SHA256 2009346a81924f374516e0ab4769369b8ce64bbc29eb08e6e8bffa5911c5787a
SHA512 e3c6d29b785e3420baeec2d446536673969e7ea420733b46b7304105bddcc81defb8c5837e1a0ade3b96b6eb235c758ea992ac0a9ad0044de82aff07f88da16e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 d563065740ba902a5b1e267e346d046f
SHA1 a5562e3f6812f3ccb9d374b54b8358c5c3b3d4fa
SHA256 fb440b58c26272b07e28ebc098f03dd266d944d500f868e31740843c2904079f
SHA512 47ee91443c00f6365e562f30eec2e5fb8a684e305ae58d5bf4233edbc2ff33a4a5117c59a2caaa00586f189d0390ba09220760db3a6ae1e4bf5e76a614e52b08

C:\Program Files (x86)\Steam\userdata\996293921\7\remote\sharedconfig.vdf

MD5 ecdd70e5f411c6a9da4c302f3cd476ed
SHA1 b2b85a8a953924c7f85be1ae48157e6719028e01
SHA256 0308e98823c3a209f1b7c6103d2812ed886664d3425b37d4bb752a369625b3a4
SHA512 6271d63600428f75492b38f00feebb93f0038b46195c4e652545d6c891dc75b6d62b9d4a370355e5aec5edf5d45343a5b5358aa817ccee343aefab88390dd065

C:\Users\Admin\Desktop\Plants vs. Zombies Game of the Year.url

MD5 198556e3ffef4796f784f22a56c22085
SHA1 9652ccc0d67839037cd041fb21aec03105be90ea
SHA256 5fb684fbc8d04ae409cd81c2bc0267fda53ec97f6256249f33b816857d690bea
SHA512 dc9d26fab77f2ea46dfc40442500bffd107dce713256ef531de1d344e4606572fc94b8410e317c8a4064e33bb4ac35e7e1295308cee41f35ebb3659cb90b5589

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 329c5e592579b52bc88769bd273c43d3
SHA1 74e3030814962eee253263943ef87f89084786c5
SHA256 d336323e2085439f36cf8d1eb3cbd3df10f14deeb07ccb003fb49cc30e243a96
SHA512 2cdd2d32fb82863e9151838b4f73bff145daf202c5a36f2f50000e4b29cca4e20af64d0bdd9be00bb1ededcf199d0e6a5466cccbae1327c9dae4783f42ffae97

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 33af69c46fef877746b858ece095f75a
SHA1 c9310c232325261ba895ea72134f1a377519cc5c
SHA256 787ff4dd7fe5d29d6a26c3fcb85ca4a51c679b18ff5651828f5573fe804f135c
SHA512 652c318277b5d69bbd7511ee040237aa66b506fecb3516f1be61d455f31f8e16a587ac5178fcce62e6ed7899050fdfac6a522eb035e66e0832968435723eff52

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5aff12.TMP

MD5 8336cfdc8119df977d6582795d5e26a4
SHA1 05a218ba2de402aa7a12151e62dfdc87a7db9e3f
SHA256 a460988a2c87ecd5edc8ffaf23dfdd657517b06469f03951e805b47e58e0e26c
SHA512 0fae7ee7ae22579353972268a23cb9bc8af60a5c5b338cfc6dca68af09b678e49443f06fbb79513062d643287bbf1ebdcbfad2a9f3d8632c18179046c2c61a59

C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf

MD5 854a83c8c567e8ff8ac2076ceb9c72da
SHA1 aca92841326c78f513518b31be49ec49f9b816aa
SHA256 53426f3632c8afda047adb9be14dd80da34ff59f5171712af17af0fcf924be74
SHA512 acc0a500ed21f4a5daa4492db8187b47cd6deea26a359ac1e151039ca3c5958703271f41c686f5cc7e06182e4dc1efa23d5a7be31338bd33556504d9bf3981e5

C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf~RFe5b051d.TMP

MD5 c604e73d9df41f5974255dd41280898b
SHA1 4bea8d9d103e730f153c94da4a8548b11d420d26
SHA256 c1c1d4150e206f9fdc2c59f18de77fde1ec3f5e6fc433f02287b28c2f38d3438
SHA512 51436b082cb2b122983d88dd5f675a8ad10fb6f70eac5497208f9c09a11a0de39a1f484e3476f1bafc215fae03a1fa9e8085111902f2be0c7f078c6d7a639415

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 759c6c8761a986d673997b7c08bbb2e2
SHA1 08c9a6d4d5bf6567f2cc683014a7afb0bcbc56a4
SHA256 d262eea7bc2a2011995efe0010a3580afd2696096a8cbf7e8ca26846ff62df41
SHA512 b17216e3a678d9462d3462728d0e2eccb21456e7e584d558e6c4122710919e43e8ff8ae89efd914159c57755bfb6eceaf6ca4f4da503e83d87558eca87c6559a

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b12e8.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg

MD5 7ecdaf8a54ec52b20640a88527512903
SHA1 3133a4d748ad3be61fe9db759339cd5de73339b5
SHA256 7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c
SHA512 60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

C:\Program Files (x86)\Steam\steamapps\downloading\3590\drm\custom\images\bullet2.jpg

MD5 26e188cc0cb9c995e2c73ada142cdfde
SHA1 089024b112d3fcbc147abc2df25e92ff1630cc70
SHA256 6aaafd277264cd1f395e1212c458159cfa1ae8cdd27ea786f4bf194e11dbd4e5
SHA512 4bf9cdca5677a4446378935a4778cffc34484db72c7e676047023b47e0d149f6b9667ba19202158904b45d55fa5163c33fd89ed1720ee53c31a058c5084165af

C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

MD5 3e3e611a210a16e07f1dc7de1ad637e4
SHA1 68c6318f50c37c211e9998ae09b2659f00f722eb
SHA256 0faeb55f6f5e0694a092666152050f7030ef33ada897b6724b2928ff7c7b308e
SHA512 dfdd848ab4638eb6301f34b54c20d6658caf78be21dcf552d8a96917a140a8a49185deef1f945038e869e3b683163a5f628bc34f65091a6ca4a4970ab04515fc

C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

MD5 c409aee720de3d48873650028c9d3e30
SHA1 21551306cbbe5cf7670126b51fda6962c3ccfb9f
SHA256 ce4e49c33dc0bb92a7af5fba2bdc144dffa704449c9719df2300be281dda1043
SHA512 4736feddaeda2ab6f743936cf05b88b6537f8c5aa3713f3c5456b236a458015dd20cfa4f942ab04b6202fa3ac8c14fc09210ab36496b1dec90051e17075e9c16

C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf

MD5 246c555355bf2bd561429cbc06ffeca7
SHA1 18a22b174eb0bb9c45cb4f75ee81f7d8b96cbd92
SHA256 8c62b510d7a8ca0f88af500b3e33a244265508a0b4c75fb3fadbeb7705415e75
SHA512 5cb4c6cb93df32e67d1b637a94863afcd532d195a57d44db1b22b406e287be025b89123cba12ecacfb067392e6582b569e77e590f57b49fa06d6d30fd9bf7e3e

C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe

MD5 c79e7580fcff978afab35caeacbf3ba6
SHA1 2316559c129882a74eb5fcd66de56588d8c45e1e
SHA256 868f8e2bab0d6a7ef8afc4c5960c608eccef82bd086bd6e0c0e2670199a5ca45
SHA512 21daf1f05bdb18d6a52fd9fba4d6d8a21b37bddacb9dfc0fd9de539e9ea71031a22252501da5f969c97fbd5727aaadd9fdcd804cc693a8856fdc313894f5be75

C:\Program Files (x86)\Steam\appcache\librarycache\298986_header.jpg

MD5 6e62a21ff57b6cdcfe4bc918a2937b72
SHA1 46bfe043045332f5991841ba647eb6517fe197f8
SHA256 5aba000fedc6327d703fa37339fbc4f7213d855d613f8ae0504dd8286be6aa44
SHA512 0effc7da21aefc7d86474d76924b0fe7446e9e3ec50199bc9d9ef8ce5d5e8fac6ab4ee9904a0b8a3eed90fce3ae96a52dcba7ed84dd9f452ee68ac8c34e6518f

C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\users.dat

MD5 db08598aacdc539ccd351de43db5b90f
SHA1 7207f1a1aa0f03a1bc6c58458c4f65bb79b82b65
SHA256 d4c24ffe8fde6b8fe7bb85ec03c036816f12857e47146cf6b37910d94864ceb4
SHA512 1ead383dc251658758dfd0386515ed83041e473d828db4364d4e78ffa33d6a03a3a4dbe1e2c598c55a11ff5cf43c1d37507fdd8762a2b57d78d591213965bf53

C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\user2.dat

MD5 dff9b3efce07f4bd7bbffad498ade49e
SHA1 867e62642aa7cdc3400046ab6526cf0e96d193b1
SHA256 58f50a6f9b75df952620d884ed5f74af1be28ac540014d820bd9e61e8ba3e8b8
SHA512 b9d6ce29428fdce6b1fc23b1b654e8dce82979075e9fa5b051707f374b889f119c7ad21b9024d41543b53eaf83bfa36e1e13f8bf62e248094d5c732e93f09125

C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\user1.dat

MD5 f854f825bfe4120a4cb7d88cad5fb172
SHA1 7c44a6dee7eac47b948c2023538fe0a0b5fb4f9f
SHA256 482a391925a396265d78b62065827a29f2d561a2e6bfccf5b6910d0ae5cee05f
SHA512 dddb1d9c9821d4fdc7b39ccaa6a211f8b3622a1d8486326f4eab3ecc03e888f100c5813bd71db776f616cc8180e01e014619d7adc21e15463b3273054838b7db

C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\game2_0.dat

MD5 69400543be1ab9bb38459530a5cbd59b
SHA1 183f2b1574776f113ef6d77b495a2e4923399bb9
SHA256 b0f74606619ae04e2cea88984800be4039088fa90439e17014425ad07ff88ac3
SHA512 e7dcba5f3c336e9ea91e9b3aef507d0c78511dd8c8eb120bf95eb95a37f4cd03833136c8a886bb1770cd9a8512b7467bf3ff9da596181ed4865a5d5cebb32712

C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\game1_0.dat

MD5 0f2803db96b9490b8b73fbe29aafebe1
SHA1 563edf51bfdf291447cf58cc970e084e9113aded
SHA256 d7607e2a80f4016c57fb7940aca6e2aa66f8c27c0d0bb48575e0eef5f421b545
SHA512 548cd553430e91beb98088271857c60d80daf5200bf0497a0dab7cd59cec7e633bdfaea7b1a9ba0b421a02f58dfe4a9e2fbb7c741aa141be52c6825aadb0e4d8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 802b9d8f367e95266b9ad2d5693b19fc
SHA1 a79d32ba9422bd002ee38f27a0c3d204ab5a3b7f
SHA256 baa7e37e2c32bca91e42acf9ca0e53b35eabf35a49b591bc19864e08c9d76343
SHA512 b57c2c1fea76b77eff275a0314354a5492421b97584fd158d02dea50fab5b017c7fafd99803b82fe80b276ce5b6075792234647dd19024e8dde3f8658ffe661b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 90d2dc086501ddf174e05736eab326df
SHA1 852aa3f7f90092bc8e605e9387091af7e0fbcdf0
SHA256 2e9a5bc544e209baa8a77519368512e9ab64613d6fe530859a2857596077aa2d
SHA512 e889d8ee6be557d6790ddf5953e53ce84dd239de3dbdd0c9997745465f30c6d943eadc766179cf4bbece102a08a27357823cdfd764ce2a0c85d1919c3ce7db26

memory/14092-15532-0x0000000010000000-0x0000000010041000-memory.dmp

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Program Files (x86)\Steam\userdata\996293921\7\remote\serverbrowser_hist.vdf

MD5 be8d06f59852d7ffa34a2fd907363cf8
SHA1 bd53835b1ce46056951f7cd3c334a8f04afaf8fc
SHA256 3d1f75064b82d8d08cca4f330ee7716cae2e850b1c38774dfb05c495c58d36ef
SHA512 7f4ad271ad90ab5a885cafe5476e20d3901282641fab426d9b7158188b0f8212bf104c61f774ad0dba13c9fda231a153205432be1c2034427a7d8a58fdf119f4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 9311bdb1713a9ee2e13497aae0a6fa1c
SHA1 492211baf3d5543545ceefafe879e6d0b8bb5658
SHA256 efc38eed55ec40b365fd28c11f3688e00f0799a17d78a938b30c4edd5dc727ca
SHA512 9ff178354ce02904eead82756cf0cbcb830809ba59f8f4551fb0d4d4077e03088e3eafbc7468aae58ed2a82c4a50e6f415955335a498177b7a8158fd971170be

C:\Program Files (x86)\Steam\userdata\996293921\config\librarycache\2371090.json

MD5 5216ef382c2d09e344ae46f2c073acab
SHA1 91040770b2b51d00e6b7c32a37315eef249a55bd
SHA256 2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617
SHA512 0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a

C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf

MD5 2b221f8f7d7063a7b2de4819ddc7529c
SHA1 630ebc4b43ba1d868eb13fb966b4e1d74676b63c
SHA256 87e70bb32e39bc7a8a2696baaac247d93e733971f932b150c209db2cf2e9ee2a
SHA512 e3b91ac66ccb99c28418b806cef2735b0cc50011fe381ec1f19d9c1bffa30621d182afc9b71b9650594ddb0174604ead863caa6c24900217a1bfe760f7ea791c

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 e4ef4fb0733996d9dbfb84c01aff1729
SHA1 65ea0dd17b5252fbab17940d7b58a5829f8b31d9
SHA256 c188eacda114889f313285b63e4ea0b2dac098475be137875148426f7fff400c
SHA512 cc0780cd54944fac286202c484f124e79d39790a513eb5ca2df08c3e4171160ed9b095820db22f9a3261c32152659d9245efe1efbd811490836b3840637fb663

memory/14092-15813-0x0000000010000000-0x0000000010041000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 3cf13dfd8f21e1a4a4626be653a848a0
SHA1 641ee657c7db344223c610f7ce223f98d5fc3913
SHA256 d4860c749c03af778abb426d67fde09cf48eaf87f0e37a1e79e4d7d3152ebff1
SHA512 ea08423b9499269751b25eb8cff1b025a15564427bc301bcaf5580fc38f16a20146bbfd25de08a374a0383a6ef60d826292fd9573e82536f9ab09815a67e877e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 d4b44c78e805af90d5a1d5587ba3171f
SHA1 9d17734d58dfbc3fd4a6e8433fd46e10bb43a3b4
SHA256 76b46caefb710c6d6b3ef6da9a26c106567ddca4e3a02fa61711f51d44084083
SHA512 3de05bb901b709819862c8cd6b26ec197a947b1869edc2f4514a8fe9d130aeb492fb5aa8cec67be0f11f0c0466734786a68ad2f78fef07b040bc041a6d6b7fb8

C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\user1.dat

MD5 89094ef90f2cc1cebb32f952b44b2072
SHA1 72bcfccf53b81de3ac93f28c56782523b3f6c591
SHA256 75321ee2dc355a0f3b160f7433f7ac0d8f51448d05afcf8f754c3f063461f904
SHA512 9209a6c80c92762856bfaf59b47f2e85d24d39cb308b3c839d43085790bde8d708f16475999f8ecd95367b7137d5cf64f13fdd1c83fa0aa9a0ac7fb7cdb95475

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 84dfb0630b934e48096948b985374e6a
SHA1 4048787487856df76261a7129f8197039cd314f1
SHA256 6f898428c583fca1485961d5dcea372fe159b676f26860ae7cba6d98c6421b32
SHA512 8670e32536f0be29e845a35c01410094fea3649177e9df8e491a0c18453ea9306548611bacb32482640553bc11a18f7f0e4a3dc44fa7629109044631c4b22423

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 5e58335b696226600e452ff429d25ae6
SHA1 aa1dc49036bcc6b80a35c700f92c9598ffee34be
SHA256 1cd421f7175811275509b14c2febb58b15dbcd17dd6eba95aaa00e4c63f73841
SHA512 037f99912dc7ef0fe12f51138586610ec3c88d8841a018c048e5031f69049c3a9f9a984375b4607d81bf262490488b98b9af3262578175093d604c30215f7817

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 29313e837290bacf6ae87ab3a5bf9107
SHA1 840c7ba52ef9bb30aabb0fed16106f680ef2e156
SHA256 51300728be45d7f7928e3aff86ebde8487b6dc60dd64ecf590a6baaa62aa5f94
SHA512 a90bb8c99728175716fe0e7316be7e8d1e90979c80d8592fc21d71c91190c4a28bc7dcd327a769875366c683582ed3ea9e3c3481ad80b9f9eeac33791eb1b354