Analysis Overview
Threat Level: Likely malicious
The file http://google.com was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Adds Run key to start application
Drops desktop.ini file(s)
Checks installed software on the system
Suspicious use of SetThreadContext
Detected potential entity reuse from brand STEAM.
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies system certificate store
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy WMI provider
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-15 17:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-15 17:07
Reported
2024-11-15 17:42
Platform
win10ltsc2021-20241023-en
Max time kernel
2100s
Max time network
2097s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Detected potential entity reuse from brand STEAM.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 15004 set thread context of 4792 | N/A | C:\Program Files (x86)\Steam\steam.exe | C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe |
| PID 4792 set thread context of 14092 | N/A | C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe | C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe |
| PID 4792 set thread context of 14092 | N/A | C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe | C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Steam\package\tmp\bin\mssmp3.asi_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\GameOverlayUI.exe.log | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_tchinese-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_l2_half.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_r_ring_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_button_share_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_circle.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0310.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_030_inv_0020.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber01.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_left_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0340.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0341.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0503.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\mini_shrink_mouseover.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\public\steam_offline.ico_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_korean.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_button_square_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_button_aux_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\appcache\librarycache\3590_library_600x900.jpg | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0416.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_rstick_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_touch_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\appcache\librarycache\2805730_header.jpg | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\GameOverlayUI.exe.log | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\steamui_postlogon_german.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_050_menu_0120.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\steam_controller_spanish.txt_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_lstick_down_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_Server_Timeout_Steam3.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steam\cached\nobigpicturewin8amd.res_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\friendsui_greek-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\minithrobber02.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\templates\controller_neptune_gamepad_fps.vdf_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0313.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_arabic-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_down.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_dpad_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\graphics\chkSelDis.tga_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_swipe.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_buttons_e_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\game2_0.dat | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\desktop_steamcontroller_gordon.vdf_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_touch_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_hungarian.txt.gz_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\layout\ugcdownloadpanel.layout_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0401.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\desktop_xboxone.vdf_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\appcache\librarycache\834910_logo.png | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_035_magic_0310.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_020_ammo_010.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_tchinese-json.js_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_l2_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_triangle_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Steam\steamapps\downloading\3590\drm\common\fonts\_Arial10.png | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_outlined_button_triangle_md.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_ring_lg.png_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_square.svg_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_bumper_end_02.wav_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\config\avatarcache\76561198956559649.png | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_french.txt.gz_ | C:\Program Files (x86)\Steam\steam.exe | N/A |
| File created | C:\Program Files (x86)\Steam\appcache\librarycache\223350_icon.jpg | C:\Program Files (x86)\Steam\steam.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\_platform_specific\win_x64\widevinecdm.dll | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\LICENSE | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\manifest.json | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\_metadata\verified_contents.json | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\manifest.fingerprint | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping15068_968721751\_platform_specific\win_x64\widevinecdm.dll.sig | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\gldriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3785588363-1079601362-4184885025-1000\{9455D907-C586-4BF0-B7F2-3812C6FF1D40} | C:\Windows\system32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell\Open | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steam | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steamlink\Shell | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\Shell\Open\Command | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\URL Protocol | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\steam\DefaultIcon | C:\Program Files (x86)\Steam\steam.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files (x86)\Steam\steam.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files (x86)\Steam\steam.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 154419.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\GameOverlayUI.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\SteamSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\bin\steamservice.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Steam\steam.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ffdd72946f8,0x7ffdd7294708,0x7ffdd7294718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff77e825460,0x7ff77e825470,0x7ff77e825480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2751238164612920276,18346797499769814013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=15004" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffdd745af00,0x7ffdd745af0c,0x7ffdd745af18
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1584,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1588 --mojo-platform-channel-handle=1576 /prefetch:2
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2352,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2356 --mojo-platform-channel-handle=2348 /prefetch:3
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x38c 0x4e8
C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2704,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2708 --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3144 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=3868,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3860 --mojo-platform-channel-handle=3872 /prefetch:8
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3568,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3552 --mojo-platform-channel-handle=3588 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4304,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4308 --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4620,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4700 --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4300,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4324 --mojo-platform-channel-handle=4024 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4840,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4828 --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4812,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4796 --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5104,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=5008 --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
"C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe"
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=4324,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3764 --mojo-platform-channel-handle=3816 /prefetch:8
C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe
"C:\ProgramData\PopCap Games\PlantsVsZombies\popcapgame1.exe" -changedir="C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Steam\GameOverlayUI.exe
"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Steam\GameOverlayUI.exe
"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590
C:\Program Files (x86)\Steam\GameOverlayUI.exe
"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590
C:\Program Files (x86)\Steam\GameOverlayUI.exe
"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590
C:\Program Files (x86)\Steam\GameOverlayUI.exe
"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590
C:\Program Files (x86)\Steam\GameOverlayUI.exe
"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590
C:\Program Files (x86)\Steam\GameOverlayUI.exe
"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590
C:\Program Files (x86)\Steam\GameOverlayUI.exe
"C:\Program Files (x86)\Steam\GameOverlayUI.exe" -pid 14092 -steampid 15004 -manuallyclearframes 0 -gameid 3590
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4892,i,852822049997547305,5245650660548247928,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4724 --mojo-platform-channel-handle=5096 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.187.238:80 | google.com | tcp |
| GB | 142.250.187.238:80 | google.com | tcp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | support.google.com | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| GB | 95.101.143.177:443 | r.bing.com | tcp |
| GB | 95.101.143.177:443 | r.bing.com | tcp |
| GB | 88.221.135.35:443 | th.bing.com | tcp |
| GB | 88.221.135.35:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 177.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.fastly.steamstatic.com | udp |
| US | 151.101.131.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | store.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 216.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.131.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.fastly.steamstatic.com | udp |
| US | 151.101.131.52:443 | cdn.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.fastly.steamstatic.com | udp |
| US | 151.101.131.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| GB | 88.221.135.35:443 | th.bing.com | tcp |
| GB | 88.221.135.35:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 52.67.101.151.in-addr.arpa | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.22:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.11.108.188:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.135.105:80 | r11.o.lencr.org | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.195.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 52.195.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | test.steampowered.com | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | ipv6check-udp.steamserver.net | udp |
| GB | 88.221.134.170:80 | test.steampowered.com | tcp |
| US | 8.8.8.8:53 | ipv6check-http.steamserver.net | udp |
| US | 8.8.8.8:53 | 170.134.221.88.in-addr.arpa | udp |
| N/A | 127.0.0.1:55741 | tcp | |
| N/A | 127.0.0.1:55740 | tcp | |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | cmp1-lax1.steamserver.net | udp |
| US | 162.254.195.69:27018 | cmp1-lax1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-lax1.steamserver.net | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 162.254.195.75:27018 | cmp2-lax1.steamserver.net | tcp |
| US | 162.254.195.69:443 | cmp1-lax1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-dfw1.steamserver.net | udp |
| US | 155.133.253.36:443 | cmp1-dfw1.steamserver.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 88.221.135.105:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 88.221.134.89:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | cmp2-sea1.steamserver.net | udp |
| US | 8.8.8.8:53 | 69.195.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.195.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.253.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.134.221.88.in-addr.arpa | udp |
| US | 205.196.6.133:443 | cmp2-sea1.steamserver.net | tcp |
| US | 205.196.6.133:27018 | cmp2-sea1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-sea1.steamserver.net | udp |
| US | 8.8.8.8:53 | cmp2-dfw1.steamserver.net | udp |
| US | 205.196.6.132:27018 | cmp1-sea1.steamserver.net | tcp |
| US | 155.133.253.52:27018 | cmp2-dfw1.steamserver.net | tcp |
| US | 155.133.253.36:27018 | cmp1-dfw1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp1-ord1.steamserver.net | udp |
| US | 162.254.193.103:443 | cmp1-ord1.steamserver.net | tcp |
| US | 8.8.8.8:53 | cmp2-ams1.steamserver.net | udp |
| US | 8.8.8.8:53 | 133.6.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.6.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.253.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cmp2-lhr1.steamserver.net | udp |
| NL | 155.133.248.43:443 | cmp2-ams1.steamserver.net | tcp |
| GB | 162.254.196.80:27020 | cmp2-lhr1.steamserver.net | tcp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | 43.248.133.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.193.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.196.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 172.217.16.238:443 | tcp | |
| GB | 74.125.97.72:443 | udp | |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.97.125.74.in-addr.arpa | udp |
| N/A | 10.127.255.255:27036 | udp | |
| US | 8.8.8.8:53 | clientconfig.akamai.steamstatic.com | udp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 199.252.19.2.in-addr.arpa | udp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| GB | 2.19.252.199:80 | clientconfig.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | steamstore-a.akamaihd.net | udp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.steamstatic.com | tcp |
| GB | 88.221.134.187:443 | steamstore-a.akamaihd.net | tcp |
| GB | 88.221.134.187:443 | steamstore-a.akamaihd.net | tcp |
| GB | 88.221.134.187:443 | steamstore-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 95.100.245.51:443 | tcp | |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.135.105:80 | r11.o.lencr.org | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | avatars.steamstatic.com | udp |
| US | 151.101.67.52:80 | avatars.steamstatic.com | tcp |
| US | 151.101.67.52:80 | avatars.steamstatic.com | tcp |
| US | 151.101.67.52:80 | avatars.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 187.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.245.100.95.in-addr.arpa | udp |
| US | 151.101.67.52:443 | avatars.steamstatic.com | tcp |
| US | 151.101.67.52:443 | avatars.steamstatic.com | tcp |
| US | 151.101.67.52:443 | avatars.steamstatic.com | tcp |
| GB | 88.221.134.240:443 | tcp | |
| GB | 95.100.245.51:443 | tcp | |
| US | 151.101.3.52:443 | avatars.steamstatic.com | tcp |
| US | 151.101.3.52:443 | avatars.steamstatic.com | tcp |
| US | 151.101.3.52:443 | avatars.steamstatic.com | tcp |
| US | 151.101.3.52:443 | avatars.steamstatic.com | tcp |
| US | 151.101.3.52:443 | avatars.steamstatic.com | tcp |
| US | 151.101.3.52:443 | avatars.steamstatic.com | tcp |
| GB | 104.83.1.150:443 | tcp | |
| US | 8.8.8.8:53 | 240.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.3.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.1.83.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 151.101.195.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.195.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| GB | 88.221.134.240:443 | tcp | |
| N/A | 127.0.0.1:27060 | tcp | |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.131.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| GB | 95.100.245.51:443 | tcp | |
| GB | 95.100.245.51:443 | tcp | |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| US | 8.8.8.8:53 | steamstore-a.akamaihd.net | udp |
| GB | 88.221.134.194:443 | steamstore-a.akamaihd.net | tcp |
| GB | 88.221.134.194:443 | steamstore-a.akamaihd.net | tcp |
| GB | 88.221.134.194:443 | steamstore-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | 194.134.221.88.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 172.217.169.67:443 | tcp | |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lancache.steamcontent.com | udp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.steamstatic.com | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 151.101.131.52:443 | cdn.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cache2-lhr1.steamcontent.com | udp |
| GB | 162.254.196.9:443 | cache2-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | steamcloud-us-east.s3.dualstack.us-east-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | steamcloud-us-east1.storage.googleapis.com | udp |
| US | 8.8.8.8:53 | steamcloud-london.storage.googleapis.com | udp |
| US | 8.8.8.8:53 | steamcloudfrankfurt.blob.core.windows.net | udp |
| US | 16.15.184.59:443 | steamcloud-us-east.s3.dualstack.us-east-1.amazonaws.com | tcp |
| GB | 142.250.200.27:443 | steamcloud-london.storage.googleapis.com | tcp |
| GB | 142.250.200.59:443 | steamcloud-london.storage.googleapis.com | tcp |
| GB | 142.250.200.59:443 | steamcloud-london.storage.googleapis.com | tcp |
| DE | 20.209.32.33:443 | steamcloudfrankfurt.blob.core.windows.net | tcp |
| US | 8.8.8.8:53 | 9.196.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.32.209.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.184.15.16.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 110.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| BE | 18.239.210.27:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 27.210.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.215.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.190.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cache11-lhr1.steamcontent.com | udp |
| GB | 162.254.196.9:443 | cache2-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.18:443 | cache11-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | cache7-lhr1.steamcontent.com | udp |
| GB | 162.254.196.18:443 | cache11-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.6:443 | cache7-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.6:443 | cache7-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 88.221.135.105:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 18.196.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.196.254.162.in-addr.arpa | udp |
| GB | 162.254.196.9:443 | cache2-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.9:443 | cache2-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.9:443 | cache2-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.9:443 | cache2-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.9:443 | cache2-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.9:443 | cache2-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.6:443 | cache7-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.6:443 | cache7-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.6:443 | cache7-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.6:443 | cache7-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.6:443 | cache7-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.18:443 | cache11-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.18:443 | cache11-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.18:443 | cache11-lhr1.steamcontent.com | tcp |
| GB | 162.254.196.18:443 | cache11-lhr1.steamcontent.com | tcp |
| US | 8.8.8.8:53 | steamstore-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| GB | 172.217.169.67:443 | udp | |
| GB | 95.100.245.51:443 | tcp | |
| US | 8.8.8.8:53 | client-update.steamstatic.com | udp |
| US | 151.101.195.52:443 | client-update.steamstatic.com | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 88.221.135.98:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 98.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
| US | 8.8.8.8:53 | p2p-dfw1.discovery.steamserver.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 557df060b24d910f788843324c70707a |
| SHA1 | e5d15be40f23484b3d9b77c19658adcb6e1da45c |
| SHA256 | 83cb7d7b4f4a9b084202fef8723df5c5b78f2af1a60e5a4c25a8ed407b5bf53b |
| SHA512 | 78df1a48eed7d2d297aa87b41540d64a94f5aa356b9fc5c97b32ab4d58a8bc3ba02ce829aed27d693f7ab01d31d5f2052c3ebf0129f27dd164416ea65edc911c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
\??\pipe\LOCAL\crashpad_4124_LJBYFJJCXKZFHHEC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 843402bd30bd238629acedf42a0dcb51 |
| SHA1 | 050e6aa6f2c5b862c224e5852cdfb84db9a79bbc |
| SHA256 | 692f41363d887f712ab0862a8c317e4b62ba6a0294b238ea8c1ad4ac0fbcda7a |
| SHA512 | 977ec0f2943ad3adb9cff7e964d73f3dadc53283329248994f8c6246dfafbf2af3b25818c54f94cc73cd99f01888e84254d5435e28961db40bccbbf24e966167 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2b6c888a06b31eff322c5895307794c6 |
| SHA1 | cc6f85527d832f78673171626e4a9f79774b3911 |
| SHA256 | a738f2b879c2ac91f9ed14ecce4a5d6e3b6bf7aae2058fbce034d544b99b38b4 |
| SHA512 | 9f1a3b7e46f6207c0f88eb17eb2547ab7e3f91df5c1615b4d4547d985758d209693dac3fc560a41fc5194c4eb276987e43c5163cfc4e6da0d8464435c0f24a0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 952a6e3cbc50f011cf2f04c9470080ff |
| SHA1 | a0d6a2509af73e523c970f6e4351861bde63d6db |
| SHA256 | faa79ba7dfd140106187ab50f14aa7cca13650f94f796419bc0a44d7a2b79d5f |
| SHA512 | 7955092a6086f05268e4b0f88648d9275020b6cad83f81c90eac5a7cd994cc243b8dfab579d4335db62f3577fd2d8a7fbefcad6cc615e2bcf1d014115056cde4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 8dc8763a148dca2a100476d75a527f29 |
| SHA1 | 7b9c77887bb66f557cafd729289149b5ad6c519b |
| SHA256 | aa2ecbb60ce656b7a0a079391482eeb3b8c613f6e5c142efebea600b8e8b329f |
| SHA512 | e0528f15e4c667d464a7eecec690e656e1fa803a22005f66aef580bc323ef301758ade132d3da56373dd752c08efaa02e6e0efd1ca8a89e1e9d7c040123889d1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | dde72c4790659a377af36a88cba22692 |
| SHA1 | dec6440e7b8e34d6a319f2fad372940a609ca184 |
| SHA256 | f5c9f21c643ed8abf6701adbdd4f7e9714c9753a89e0b66bac73f9dd8cacd670 |
| SHA512 | 33cdaeea31a0174a72438813251b7da13b163e93e3adccacab1ced672acac3d92fe6ade30b0491228872c6b7e708b26ddd22e38f2f8ac93e5824e90efb7e6b6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1f82ccf3b0b56fbce4c55dfaa83777b9 |
| SHA1 | 2762c29a5f02055c8df93ba3da47409de735958a |
| SHA256 | 6fe1259fb08fa00fe8290a4d4a9577d9dd1428c2d7768e65e40b797086b7fc19 |
| SHA512 | 10c5acf41ad4e88b8405dfac39dd96bd30e0f7b1b439234ba4e424798bc9d2c3b319be193d328e619ae29cd9c327b523da32eabdd19d7a6a428fb805bb174635 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b41171f15a4f73ec8298de7cdcae725c |
| SHA1 | 53f55fd94ca6d725b1f9fc9a77d7c4a75f8a35e4 |
| SHA256 | 69ef5d77fdb4a261be6a5a98208160205f208e5b2601774ba5a8af6b1e79f92d |
| SHA512 | 4f8d82cc0338fcc1f145c6819e5d8f8d506a66b1ba63d0d2dbcc03fdb96ebede192482d2ebf00f26e58c233a3fba29f5761ac669abd253e6a2a14d622f84b569 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 74d9eb5260fef5b115bec73a0af9ac54 |
| SHA1 | 18862574f0044f4591a2c3cf156db8f237787acf |
| SHA256 | 7d7e7b38664d625a0bbffbcb7882b175709e92987bf9da113c4745fafbbc361d |
| SHA512 | b85917201b1d4b4542a4424ce40ddd083ddbd0e230e1931fe6f7cdd2aa3d8a0eec8daa743ddc5467f0a92da5594144c602081d941b216ca9cafdfd3c150d32d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6143a4b4b2656e90855c37d13dee39ee |
| SHA1 | bc3d9be647ad30ebd40f04e10839a43e42dab73b |
| SHA256 | 6fadc23a9845310d0cde2caa20772e134e85d2c508ec5d9c83977f7aa44807eb |
| SHA512 | 28ed532fd2a99e0bdfc8b66e62b31b501ab8f039efacf5374f3fe31afb7e4c0f29b56abb1952d55964310aed5c67c299b9c32e9d2d1ac399fa38f76375edc0f5 |
C:\Users\Admin\Downloads\Unconfirmed 154419.crdownload
| MD5 | 1b54b70beef8eb240db31718e8f7eb5d |
| SHA1 | da5995070737ec655824c92622333c489eb6bce4 |
| SHA256 | 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb |
| SHA512 | fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb |
C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\System.dll
| MD5 | a36fbe922ffac9cd85a845d7a813f391 |
| SHA1 | f656a613a723cc1b449034d73551b4fcdf0dcf1a |
| SHA256 | fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0 |
| SHA512 | 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b |
C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\nsDialogs.dll
| MD5 | 4e5bc4458afa770636f2806ee0a1e999 |
| SHA1 | 76dcc64af867526f776ab9225e7f4fe076487765 |
| SHA256 | 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0 |
| SHA512 | b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7ad895969d93f2b70290127be224dc33 |
| SHA1 | dc99272ebf9d4e89d476f489436b4167dda97086 |
| SHA256 | 33f1ce0417bbb7d20a0ae15b987cc89dca1ed346d7fad1e03a75567b9e97e88c |
| SHA512 | 475e147f5e596bb83b2a795809d36d4bf868867a6d08a69935fc02833c149a414cad4c91c4195c010c28ecb4eafa10d295e88f67c6602c7fe0a9ced8693e4903 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582bfd.TMP
| MD5 | de9517bd93456494b36fc0f6d66e18a1 |
| SHA1 | 2098830a5ea9372665e645035df085da0a609156 |
| SHA256 | 9c923efbe9f3db3c32a6d10ad0f8acd52aa93b638efae7d2c8fc3aa0fc09b59f |
| SHA512 | 2e59ee4892677402924b17f7d7b29a38d1d49153be49aa3a394d62ad320385111bed59b3aa35e212ce5d84e76fa47d21469fddd52c6ebe39bf9b8aa204a7ba7c |
C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\nsProcess.dll
| MD5 | 08072dc900ca0626e8c079b2c5bcfcf3 |
| SHA1 | 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37 |
| SHA256 | bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8 |
| SHA512 | 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c |
C:\Program Files (x86)\Steam\Steam.exe
| MD5 | 33bcb1c8975a4063a134a72803e0ca16 |
| SHA1 | ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65 |
| SHA256 | 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1 |
| SHA512 | 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49 |
C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\nsExec.dll
| MD5 | 2095af18c696968208315d4328a2b7fe |
| SHA1 | b1b0e70c03724b2941e92c5098cc1fc0f2b51568 |
| SHA256 | 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226 |
| SHA512 | 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5 |
C:\Program Files (x86)\Steam\bin\SteamService.exe
| MD5 | ba0ea9249da4ab8f62432617489ae5a6 |
| SHA1 | d8873c5dcb6e128c39cf0c423b502821343659a7 |
| SHA256 | ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d |
| SHA512 | 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b |
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt
| MD5 | 53f7e8ac1affb04bf132c2ca818eb01e |
| SHA1 | bffc3e111761e4dc514c6398a07ffce8555697f6 |
| SHA256 | 488294b7faff720dc3ab5a72e0607761484c678b96d6bcd6aad9ee2388356a83 |
| SHA512 | c2e79c2505a6fd075df113ffce92ad42c146424ca39087601daa4ed15a2b5528d478a093921d9d8a738c7b6b963275a0693ebe526b6e2135d14ced03639d0e70 |
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt
| MD5 | 194a73f900a3283da4caa6c09fefcb08 |
| SHA1 | a7a8005ca77b9f5d9791cb66fcdf6579763b2abb |
| SHA256 | 5e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6 |
| SHA512 | 25842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3 |
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt
| MD5 | b2248784049e1af0c690be2af13a4ef3 |
| SHA1 | aec7461fa46b7f6d00ff308aa9d19c39b934c595 |
| SHA256 | 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690 |
| SHA512 | f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c |
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt
| MD5 | 66456d2b1085446a9f2dbd9e4632754b |
| SHA1 | 8da6248b57e5c2970d853b8d21373772a34b1c28 |
| SHA256 | c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4 |
| SHA512 | 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49 |
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt
| MD5 | 56dcf7b68f70826262a6ffaffe6b1c49 |
| SHA1 | 12e4272ba0e4eabc610670cdc6941f942da1eb6a |
| SHA256 | 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f |
| SHA512 | c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2 |
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt
| MD5 | e04ad6c236b6c61fc53e2cb57ced87e8 |
| SHA1 | e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4 |
| SHA256 | 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e |
| SHA512 | 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331 |
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt
| MD5 | 6367f43ea3780c4ee166454f5936b1a8 |
| SHA1 | 027a2c24c8320458c49cd78053f586cb4d94ee6f |
| SHA256 | f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998 |
| SHA512 | 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32 |
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt
| MD5 | 9b0b0e82f753cc115d87c7199885ad1b |
| SHA1 | 5743a4ab58684c1f154f84895d87f000b4e98021 |
| SHA256 | 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32 |
| SHA512 | b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df |
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt
| MD5 | 58e0fcbee3cca4ef61b97928cfe89535 |
| SHA1 | 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b |
| SHA256 | c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425 |
| SHA512 | 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2 |
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt
| MD5 | 7913f3f33839e3af9e10455df69866c2 |
| SHA1 | 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25 |
| SHA256 | 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c |
| SHA512 | 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804 |
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt
| MD5 | 202b825d0ef72096b82db255c4e747fa |
| SHA1 | 3a3265e5bbaa1d1b774195a3858f29cea75c9e75 |
| SHA256 | 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314 |
| SHA512 | e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566 |
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt
| MD5 | 7e1d15fc9ba66a868c5c6cb1c2822f83 |
| SHA1 | bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7 |
| SHA256 | fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265 |
| SHA512 | 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406 |
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt
| MD5 | 8958371646901eac40807eeb2f346382 |
| SHA1 | 55fb07b48a3e354f7556d7edb75144635a850903 |
| SHA256 | b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585 |
| SHA512 | 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554 |
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt
| MD5 | 1514d082b672b372cdfb8dd85c3437f1 |
| SHA1 | 336a01192edb76ae6501d6974b3b6f0c05ea223a |
| SHA256 | 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4 |
| SHA512 | 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55 |
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt
| MD5 | 18aaaf5ffcdd21b1b34291e812d83063 |
| SHA1 | aa9c7ae8d51e947582db493f0fd1d9941880429f |
| SHA256 | 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5 |
| SHA512 | 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154 |
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt
| MD5 | 189ba063d1481528cbd6e0c4afc3abaa |
| SHA1 | 40bdd169fcc59928c69eea74fd7e057096b33092 |
| SHA256 | c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695 |
| SHA512 | ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903 |
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt
| MD5 | 5c026fd6072a7c5cf31c75818cddedec |
| SHA1 | 341aa1df1d034e6f0a7dff88d37c9f11a716cae6 |
| SHA256 | 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382 |
| SHA512 | f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12 |
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt
| MD5 | 10c429eb58b4274af6b6ef08f376d46c |
| SHA1 | af1e049ddb9f875c609b0f9a38651fc1867b50d3 |
| SHA256 | a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13 |
| SHA512 | d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46 |
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt
| MD5 | 9e62fc923c65bfc3f40aaf6ec4fd1010 |
| SHA1 | 8f76faff18bd64696683c2a7a04d16aac1ef7e61 |
| SHA256 | 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7 |
| SHA512 | c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035 |
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
| MD5 | da6cd2483ad8a21e8356e63d036df55b |
| SHA1 | 0e808a400facec559e6fbab960a7bdfaab4c6b04 |
| SHA256 | ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6 |
| SHA512 | 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925 |
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt
| MD5 | 31a29061e51e245f74bb26d103c666ad |
| SHA1 | 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc |
| SHA256 | 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192 |
| SHA512 | f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8 |
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt
| MD5 | 03b664bd98485425c21cdf83bc358703 |
| SHA1 | 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb |
| SHA256 | fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115 |
| SHA512 | 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d |
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt
| MD5 | 2158881817b9163bf0fd4724d549aed4 |
| SHA1 | c500f2e8f47a11129114ee4f19524aee8fecc502 |
| SHA256 | 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7 |
| SHA512 | f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28 |
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt
| MD5 | 4c81277a127e3d65fb5065f518ffe9c2 |
| SHA1 | 253264b9b56e5bac0714d5be6cade09ae74c2a3a |
| SHA256 | 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9 |
| SHA512 | be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a |
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt
| MD5 | 0340d1a0bbdb8f3017d2326f4e351e0a |
| SHA1 | 90d078e9f732794db5b0ffeb781a1f2ed2966139 |
| SHA256 | 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544 |
| SHA512 | 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93 |
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt
| MD5 | eb8926608c5933f05a3f0090e551b15d |
| SHA1 | a1012904d440c0e74dad336eac8793ac110f78f8 |
| SHA256 | 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04 |
| SHA512 | 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a |
C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\modern-wizard.bmp
| MD5 | 3614a4be6b610f1daf6c801574f161fe |
| SHA1 | 6edee98c0084a94caa1fe0124b4c19f42b4e7de6 |
| SHA256 | 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b |
| SHA512 | 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281 |
C:\Users\Admin\AppData\Local\Temp\nsi277A.tmp\StdUtils.dll
| MD5 | db11ab4828b429a987e7682e495c1810 |
| SHA1 | 29c2c2069c4975c90789dc6d3677b4b650196561 |
| SHA256 | c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376 |
| SHA512 | 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5f2067d49143ee573f33a51ce1b882f4 |
| SHA1 | 968854c786783ba9d3035a99e1bd97d56bd034b3 |
| SHA256 | 49403b795696334271b999c96c490f021d6b9c2e1128fb728c3e56912c3afe36 |
| SHA512 | 6cf281ef9e29c22b901073b79f225d63fef068f9d1ba0b20a62dc66be183a0471dc47295db5843af098098388142829f2a9fd3b8d1bb48050651a00704227fb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 15ea2d55187a4ccf5438cc301de70e64 |
| SHA1 | fa466439b82cadc275e646ba4444610b983f838d |
| SHA256 | dcbe45f107b93bf48b7f6c56e5b3d7868720ae408bfdcf5049ef0c4f37b832f3 |
| SHA512 | 9698d061f61edcbadfee3ceef002b5a3178ae012fe1186ea7ae0c993ff61f32cba49c9a4ee772d66b46fc7495bfc6c8e0e4482c6cef8eeef207c223546f87b42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7ba612a347b0256ec6ee656a9ec72c1b |
| SHA1 | 82514c8af08c52cf21c08de716773d7cfb7ae98c |
| SHA256 | 3563c7f9f6d77ec0f85d21012a46aba1aa7092ddc5811c30483da4baedf6bc27 |
| SHA512 | 91d11742c1f530bac55a97383681e760b441dd58b65c789be533d5d55168fe5914cf30c12ff62549b4c7bb3c7faeb2513589150256fb004395688f6227c31be0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 73ed1163c0a3b41369e3490b743ce827 |
| SHA1 | 2b29da4c1384267bf73da886a8356d3dd9c66dcf |
| SHA256 | abb41f54ab6ca03d47fc1a05b9e22f233d488d89cb3bac23c3c13a61e227e4b5 |
| SHA512 | 88678eb41789f528cad7f432fb194f2eaedebc84d77187c26db3ab0a0b58e4d94d919822e84c833668ee484e2b8573f03fe1262e3300b877f9194dbc57bec0b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef8bfcff41ecd0a6a4645e7b7b4dae52 |
| SHA1 | d717ecc64faa4f8641d5fb6da1a59d5afd767c38 |
| SHA256 | 9cf11060da35dcb64ea582129a9d102e425e4f4fffe8beac67572799932826f8 |
| SHA512 | eb9442c603291362475477798f8e65340551e9684ba88715320d0fa4fc9403f1fce14e5eb905cc28539978c8c314670913770543a293c1770f1856ea20040d8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 38c43ed16553421ddb3e97865ca43fe5 |
| SHA1 | 134cae44131e1fb984ee21aadf35f5ac4b0e08c6 |
| SHA256 | 53fba3f30e6fd03bb606608412b5b207419c373f6e7299e05a328b0fc1b2ca91 |
| SHA512 | a650d8b8afe54e374ed7a3d1998c1aa196288b5683dfbcb3705641f6ed2a8242c84964afb335ad121735b558fb93f61d489fac516d8d9bf6cb34050852898e50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 3997a77fe917bf0af140fdb5198eb1be |
| SHA1 | 115905d513f08bac9da62f3e77490aee1f905da5 |
| SHA256 | 1fe1d449f3b5ea4e55c6814df04fa668e5e9a60a2c50906ec2bb05160f66016f |
| SHA512 | c92624583d35f96ba65820e66fd0af0eea4f667f3c937940fc60c6e0a9b1fe781e04da2ea01540855684bca5d43f176a3bb71bbf212dd54183ab17bdbcb8faf4 |
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_
| MD5 | 577b7286c7b05cecde9bea0a0d39740e |
| SHA1 | 144d97afe83738177a2dbe43994f14ec11e44b53 |
| SHA256 | 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824 |
| SHA512 | 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0 |
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
| MD5 | 00bf35778a90f9dfa68ce0d1a032d9b5 |
| SHA1 | de6a3d102de9a186e1585be14b49390dcb9605d6 |
| SHA256 | cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2 |
| SHA512 | 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041 |
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
| MD5 | 836dd6b25a8902af48cd52738b675e4b |
| SHA1 | 449347c06a872bedf311046bca8d316bfba3830b |
| SHA256 | 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64 |
| SHA512 | 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80 |
memory/3724-12942-0x0000000000E80000-0x0000000001332000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\ShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Steam\htmlcache\GrShaderCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
memory/15692-12976-0x00007FFDE6500000-0x00007FFDE6501000-memory.dmp
memory/15692-12975-0x00007FFDE4F00000-0x00007FFDE4F01000-memory.dmp
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | 6e6a2b18264504cc084caa3ad0bfc6ae |
| SHA1 | b177d719bd3c1bc547d5c97937a584b8b7d57196 |
| SHA256 | f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53 |
| SHA512 | 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679 |
C:\Program Files (x86)\Steam\config\config.vdf~RFe59f478.TMP
| MD5 | 3cdebc58a05cdd75f14e64fb0d971370 |
| SHA1 | edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe |
| SHA256 | 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7 |
| SHA512 | 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | a2ec2e91c3ef8c42e22c4887d032b333 |
| SHA1 | e2c738a2e9400535b74e2263c7e7d1ecefe575f2 |
| SHA256 | 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3 |
| SHA512 | b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3 |
C:\Program Files (x86)\Steam\config\config.vdf
| MD5 | b9a792185974737666f52155c55078d4 |
| SHA1 | a9f6fc173b288f9e06fa7d1e092b340fac161724 |
| SHA256 | c82598077f05033efed1bf3213ab386257c629157bae772c1f6503d68c52a772 |
| SHA512 | 72b6dbc560b1a166b95b60fb3262b4388987017e950ca35415b175b7032ac7c2934f26c123d5d94c58be7db4fb3cb6df2a0f7700b04c4582933f97bb157c77e1 |
memory/15004-13098-0x000000006E080000-0x000000006F3C0000-memory.dmp
memory/15068-13099-0x000001F913190000-0x000001F913239000-memory.dmp
memory/15692-13108-0x000001DE3D830000-0x000001DE3D838000-memory.dmp
memory/15760-13109-0x000001D8B2B60000-0x000001D8B2B68000-memory.dmp
memory/15760-13110-0x000001D8B3080000-0x000001D8B3129000-memory.dmp
memory/15004-13116-0x000000006E080000-0x000000006F3C0000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json
| MD5 | 602c49f9246967bdcff45b4f43cf2fb0 |
| SHA1 | 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d |
| SHA256 | a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114 |
| SHA512 | 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5a419e.TMP
| MD5 | 68b20851ccb9834d21fb32615e42bd43 |
| SHA1 | 88fab935f0b9484994097c08f785e9ecb7d68127 |
| SHA256 | a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f |
| SHA512 | dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | 031b987ee716e92fedfa92aad96c4d8b |
| SHA1 | fd293c9c27d97e724de93cddf1f4fbd6673b5735 |
| SHA256 | 918af5a7c617e6a95d19364ee19467a653b87036f35ae7b75531772f47a5602c |
| SHA512 | 859a9b5b30136b39370534530545b6940d29e24b46b831431be569cef87eaa3b7f82a39eded090ae28f644f876d501ea453160d107ff76d0048845bdd43eb912 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5a476a.TMP
| MD5 | 9e11d356a6b9a4bf77bae3cde3e1dbc9 |
| SHA1 | e02d37f5f82e04873432f346386d2772cc88835d |
| SHA256 | 9c3118f431e885fe4759956aec07ebc8fd9e7d9294cf7ce56affcc2bd3e81c57 |
| SHA512 | 40d4dacfee9e7362e0fa3ed909e93bdba0c4bc050ad2da94bc2037225861f8343f3113a4df9d1f4ee7484393656feed94714706845d3634389c15758298e59e4 |
memory/15004-13140-0x000000006E080000-0x000000006F3C0000-memory.dmp
C:\Program Files (x86)\Steam\userdata\996293921\config\licensecache
| MD5 | 79961e6dc460016561658df194fcc820 |
| SHA1 | b7f8184193eeb47db1174c09422901f8ad509129 |
| SHA256 | cf9da0162aa43ecd7871e3f6e1606472acfd911a0f673c88c0d74641492f3db1 |
| SHA512 | 5d4e22f3ea23c0d19412aae23947501290833a0f369cc03c8f6f2df0e7b13a760aa43c4e59b66afab10f87f4969e8925426bfcc8b7f78ef93497adeec54c91fd |
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf~RFe5a6ca6.TMP
| MD5 | 737431d9989102f5e16ea5d9f6527fb9 |
| SHA1 | d626f6d6c58327e6e8651d3b88b1a6f0c315db95 |
| SHA256 | 3526b7443b185cd4d92fc324674d3be4da31126cb6fbf00ec24c43b509ea9b0a |
| SHA512 | 93da2a33d372f90081773e77c03879d44c352048a6470bcb59472d3679a3fcb953801ffe49a958ac6322a95a46dd69082fd61aaa0bd66b6f9759e0951f800eab |
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf
| MD5 | df22ea1aa0cde8914fa5c4233387f94b |
| SHA1 | 6fba38664fcadec15c21be9ed4403a83130fee71 |
| SHA256 | e66231f27c2cdafc192ce0266e2e23e51ec061e9fa99c223d4f41726ed6c0b26 |
| SHA512 | 9ff219988fad14d4c2a9c0c3c321fcbde05e5bcf3b74f3e7162faf44ffb17d5e51bb44f4d00c43386b90e39fe82d31f0dcac5a8f98bb1a42422e14d102bf425c |
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf
| MD5 | a6043f916b3f91ee25219ff397d398fd |
| SHA1 | 956e50842d777710afd2d50ce66544d0d7c595ac |
| SHA256 | 38822d29743992c9d5fd3a3c32f7daa8f258eb128318cba24ce42935401be111 |
| SHA512 | 97a4722ed9486c1faacc592aa9a4c88a195d498312cb9dc9a9ae9f1fd2d349469f8ea1e9889de828418912018f052771cc015f3c56fd8ea7bae55ec06627b55c |
C:\Program Files (x86)\Steam\userdata\996293921\7\remote\sharedconfig.vdf
| MD5 | b0f83f7fa83be9f13006982393a0bd83 |
| SHA1 | eb2b942b2ecb38e5f99372cb2bd67ee7fe32ed47 |
| SHA256 | e8b94ff22034c3f2730029a49e953a58b69d7ee4ec9f2b3cfe2cbf1f3bc29ae3 |
| SHA512 | 1d93cb6b548106b9fedffaadfb95bc7e7fa39c4a7ee17422d326b6adf82fc1aa9ec569c0e26a99407f8876672634ddf57ff0fcef9de5b2ba0361f4a8363a7869 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | ccb23a5c7b3095800fea7d8cd6a908bb |
| SHA1 | 9eb90cbb88d0a7621be95b80f87a782f48839ba2 |
| SHA256 | 19c3124781d041de40619e9c4f56bf8051d224a22372107d427aa49ca9a22872 |
| SHA512 | 67381f244db9cdb9c07231e2454fa6e39ba8cdc9d2c7286bd7db76c0bac00f49c268c333fff0b36b970be5aef1d2386cce1615f972a6258d1f49af483c88ef02 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | a16eef7340365b4844b0c6494a53a64e |
| SHA1 | a6f39248e88cf0d039916810ba90eb585e3126d4 |
| SHA256 | 7e1bb4de41ab9e1fd7f6e4463629f8a7c8776bd687ad9b671febebfbca7add9c |
| SHA512 | 9925e9bb8e7aafeb4e380dea7b4ac71481aa4576c0bc9523dbee3a6bf66f686a858224cf6471ef4614c78a36811a981e73643699b0a96289be517e858111f836 |
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf
| MD5 | e0fb7d3dcfb5935136cd9e2ee1e5da71 |
| SHA1 | cd2f86b2f913b7b3bb278c5af78f151b4fcdb780 |
| SHA256 | e31c6a420057ff3b1b4e5cf0ef28086ac9b8b03c536a3ce4e0a9d8acdfc6cf2c |
| SHA512 | 802f5139e88b5124f1f1c6e63dcb6d4a2e6d892d0bee7ccb137ce045ad5a032470438b2b87355c3b4c1dbd2b30d2ce464d266add82326c2faaab2a17fd9c4194 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 44a4e9bc81f4f949cb9282d359c74ae9 |
| SHA1 | 63e2275a61e3c8d87ad33297e5f8be3cac678128 |
| SHA256 | ffc52692f8e55aa37b7aabc52215693af1e94f9a5462756c39b05621e3824b2c |
| SHA512 | eb8963d5e59556a90196bfc23b8c647c52081709d30d97b75974ec87aa278ef865453be9430f2616ca810b53683d4cbf5da043684f08f5785862aa607d7962a7 |
memory/16688-13253-0x0000025CF4700000-0x0000025CF47A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 3279eec6c21da65efed961bec26a037f |
| SHA1 | e9e066944d0e5d5ecc9561cccb0208ea9297edb6 |
| SHA256 | cbf8703cc0c55848a010be0f1cc9782313e934174bcc7f36f7a532d2ea51b1ae |
| SHA512 | b9df61f05aa425749c2cebffb0a2780b67ae6937d1edb556d7f63d617a7e2bd55ba84ba2964ea185484746ce3a8d12c21ce7960d0880cb2e1305eff6229312e4 |
C:\Program Files (x86)\Steam\userdata\996293921\config\localconfig.vdf
| MD5 | 1fc18febb2704105d3c407a1f6c68922 |
| SHA1 | 1529e8c26f416398ab2c349c355f390fd7600ff4 |
| SHA256 | 17815379a49bd6d8c1436c13ebc04329f8a5bea24cfa4d87654b342e5cc53183 |
| SHA512 | b176eedbbbc00fcb776170e137a0a7fd5702e0ea3af44881a855cc2628a028cc403d7d23c9adb432f14fc614c69993ee265e2679854e991ad35a59e3330542f9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | f42d2f49de69ea5190c8fccacb2d5428 |
| SHA1 | c4be08b54c1a93e28a23ab201b919d534c53bbaf |
| SHA256 | c47efcdab23bfadb62a8108c28c175ae307ac5ac08ddc815383e8f32f0d88fc0 |
| SHA512 | 6186de525ce6c567de3cd131a722546d6e038b696d0d621ee197f310d8ffe866160c5a169f5cf3139ff3edb5e14be9799b96d41cd2783f51bcf3da55c4c82415 |
memory/15004-13389-0x000000006E080000-0x000000006F3C0000-memory.dmp
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt
| MD5 | 9283e8f3984c6c7b87d772f36721a0ad |
| SHA1 | 864f9fa32988fb72d919de12b93e7f56942849e8 |
| SHA256 | 9d8d4f60565654379c5096e62b0930fc9e87cf49259d31af0a9034fb790a7d50 |
| SHA512 | 9858a8ae89a520eb5ba0126fef080539d7b849498243b1b30f72b915b3b12a48e13712eba8f87e2939630ee44b8c55f894092e38390e6094b756422a784de087 |
C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt
| MD5 | 0b8f38d6f219adb6af9a46e34c8b55c5 |
| SHA1 | abfb7eea3e2073ef536ef4c020b79dce54028174 |
| SHA256 | c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8 |
| SHA512 | 4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000002
| MD5 | 8f661b8c2dc08d06a2992b1006fbf95d |
| SHA1 | 51f7614ee218ca027670a3bb0d7cfe1f23869602 |
| SHA256 | 8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a |
| SHA512 | 80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000003
| MD5 | 944531387ce01bdf7ad736937b9b13b6 |
| SHA1 | df6268ebe74638714887588a1f43506b915e717b |
| SHA256 | d6c997210287cecf290cc7c5cc99c13a46d874786d1747cace5f00713069e2a7 |
| SHA512 | 25cbff327f7af6013476a5453847a5f0a4354a8efe773a4f7f8e29c4b8c12ba8105ed344109cf0a83ee6fe986468c2318b212d2eddc1dc2a6fb4ad9c7f9fc4c2 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000b
| MD5 | 7ba2988724b43c58850ce67b80289d3f |
| SHA1 | 441dc568f1ba2b86541a5424a269746b45a8a3a1 |
| SHA256 | 2d42bac87f38f3b59963c4a149970f96ed871f5b9216e463c9878ff08f056642 |
| SHA512 | 295e9316083d27821622f83229e5c86699ea9b27f5b5f054e689fa8190d84686127f878569338a830ba9d0e4d5eda8259326fee6f42d8845440100e99436293a |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005
| MD5 | b63db6116a515c8ec16b58bbb1a0db89 |
| SHA1 | c8b53c1566bc23bf614f3faf2dd0e2be49aae50b |
| SHA256 | 58cf7a378014be774e0348655722edbf63b5470f6a4e84b19bb46e10349189a1 |
| SHA512 | b114bbb09dab653809bc63b9b7ce66be04b4baa50fa4ae938b1cafd86eac94b7742ece421fba8c491ad3b95980960acc9d30dc6f0c5e609f1494571583641ab7 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a
| MD5 | 1044a2c8b2a2fbe3768b96eea4febde0 |
| SHA1 | d358bb622e287edffd920f3d48d7d81d824729f5 |
| SHA256 | 263dc1acc920ec09e81d5c67e2edd8e53194a121167e08513410174a3b1e3022 |
| SHA512 | 6d7f68697c7142060bc25e2e9263525e5e50ac1b2081f7741dda59a15779bb0ce9a29283887ff37d80c438a227494e78ceb648a3677bbfc73f6331b4c9794df3 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006
| MD5 | 31b05e57c066452d73ab005bb42865f7 |
| SHA1 | 2a8efd5d7753dd756c539ad66831b01f603fb13c |
| SHA256 | 84d0be622ddeef6d0793df5d274965d6d13a756979b4b484185dc7a051eb4071 |
| SHA512 | f793863cec23493b58311d37720fe7d48e21c92da5cbc9c5d4562e47a046e33be4584d58a1c031513298c55a9c33f5e591fd5ce831c9c33af9c2594bb071c277 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007
| MD5 | 3e4ece701c7a870cbb5bd42ea916d816 |
| SHA1 | 26f60d9fc12dff15f9c618001b4cd61a481b86fb |
| SHA256 | 9082884d69e4b9a0f1090c330c6b25b19a71a2084cf1eb8cb113105d2b116a6b |
| SHA512 | 74f5b0d39505f8da3cac088442d954ae58492e7ef04f2f8c542b1f2065fa044ec427e2912d69f53192ff3025d0256b6b85b770d47500ba7c56d77d4ec177da0b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000008
| MD5 | 4d01e326592ce2f559ff1613a10a00f1 |
| SHA1 | fb1c762040ee1e36bcb7c44674638b32040fb74c |
| SHA256 | 56c9ff85451fcbe3d0c8a80051d5cc690d9731fbdedb6549b4386c6010519078 |
| SHA512 | e8f9cb416f7ef90613812861ac6033d712526dc3fa11ef59a1b5929f649a063c176024d2e3e3cffc5ec33e7f516e5fb3d082947b059ef812f701eabaff17b16e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000009
| MD5 | 48ffef4fc267c7350a37339001bd1a02 |
| SHA1 | 9379041d4d542c116b420d014c7ebb68137a008a |
| SHA256 | 254467e453cf3cae3c70085b41462cd71b233c247b5e212f444347537b4c4873 |
| SHA512 | 34b459dde39b3056e2f0a4c593b342d32829c9eebb2b01f146aefa0d54f0b52ecf4954873cf76b424abb25f84370d0b5ac06fdac734b397a7444b4b64b4d52f6 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000e
| MD5 | f222656f7796794674f732c474a033ac |
| SHA1 | cea879731968ace9befe205c55679924f033464e |
| SHA256 | 2d9259afe79e20ac65865133ee69f28563201da61bbd8142cd964fd0097170d5 |
| SHA512 | 9a2b31a325d8030a2aa6b5a932a8c56476a7bf995ac61d419e81477a0c7ecf5e92d5d4884a3d3fd9a67bd33dc619665d5e3bc05c3784c3bc51333abe4332b449 |
memory/17636-13588-0x0000011A89DD0000-0x0000011A89DD8000-memory.dmp
memory/17636-13643-0x0000011A8A480000-0x0000011A8A529000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012
| MD5 | 487b3b54635e5e78cb40f06019e3d266 |
| SHA1 | 5f27d3247d223035162688d39b8ca8921d662c38 |
| SHA256 | 6ee6a4b5156c04085388db04e54cd35f0b77f68902545cdcbda5367503c0979b |
| SHA512 | 64cdd50b84d9cc6a8b39c70bf7c442e11af54401a02fa745d72f0a12fb9e72a64b9f2772bb8a98c489ab18a8d5fb6ff753e6c6922e2fe86117eff2fa63efea77 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013
| MD5 | 757750902210ff3c0d12dee4dc5165c6 |
| SHA1 | a3599ca4bd5da9fb9c83e26813ef62327c541566 |
| SHA256 | 72ff7d67ddc7bd23885cbba07f3889be27b50cb597ba41fd546343416676ba67 |
| SHA512 | ef5cb66e561d5f208a872c65b6732bdaa082d421f9815c8a5a439d5e749890e032c2309c1d7ec66d93d1f897941bb5e2c5f860fd9cf8e13adfbf1ab60aeca27b |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000011
| MD5 | 4d9ecc70dde56858a3451017cd7fd8d9 |
| SHA1 | 88189cff695c454384884888ea46d9c11060c811 |
| SHA256 | e10acc2425b736f904ca0ec762a77b516ce7cea7391354841199e55750eee287 |
| SHA512 | dccdf161353e3fbd904b63f646ebf616e9eb977d23933575a307336aed6bb044902e11dc5990aa217f7b8cc16e190a968fc9077fe74f335c195c72de46c6f60c |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000010
| MD5 | 38aefef2ea44c17d501cbb38cc0c7e54 |
| SHA1 | 55dc9404f34f790e42508ea8d74d6ac87c8d6a94 |
| SHA256 | 29f8a8da900ab06670e7e9c437bd27528ac311b4995d50c702972b29440ab194 |
| SHA512 | 6cd0e45c109d9ef0e0a3419246af71b9dcca214775116bc5c318df53ab906ca33197d831d0b3c05ba004fd31889a5086454eb6e0ef12e594035d3b89f1d1e157 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | faab6196de825234ec682e2326b70ffa |
| SHA1 | 9f2c1d434fef2a97485aea8d53d99684d7f4d23d |
| SHA256 | 9e0a70cb5756dcbf975224737d8cb53ee3c04f4dc68f07f42e8b8e416f777ceb |
| SHA512 | 01f394e36e470c5082c74ffa43e6b62ef7b8feac16152784cb3516c3e2048e0c1cf643c6726cf2716783e1f7715ad3d4c56d569ecd051236d1e3ef8f592aaf17 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5aa6a1.TMP
| MD5 | 1c36c1c6e36680eeb0dbf197fb122126 |
| SHA1 | 17d90ccfef115648a5c7a25027b282c91195b9bc |
| SHA256 | 48577506849606ff36696881c6c9e1dad82427597702959a5a4c115834a08f6c |
| SHA512 | 5d6d04cea2d730cc48d5a243e3939a98a81bdde3cf12b97518ced1dab7b2dd4e5987d6bd8eca86b382473fae1c7f0417924a820eb2f7472f1a6f219cb45202d3 |
memory/8616-13781-0x0000023094B50000-0x0000023094B58000-memory.dmp
memory/8616-13782-0x0000023095380000-0x0000023095429000-memory.dmp
memory/15004-13793-0x000000006E080000-0x000000006F3C0000-memory.dmp
memory/18076-13904-0x00000220CEFE0000-0x00000220CF089000-memory.dmp
memory/18076-13903-0x00000220CEBD0000-0x00000220CEBD8000-memory.dmp
memory/4432-13956-0x000001C345860000-0x000001C345909000-memory.dmp
memory/4432-13955-0x000001C345380000-0x000001C345388000-memory.dmp
memory/3452-14087-0x000001A2D8720000-0x000001A2D8728000-memory.dmp
memory/3452-14103-0x000001A2D8F50000-0x000001A2D8FF9000-memory.dmp
C:\Program Files (x86)\Steam\userdata\996293921\config\librarycache\3590.json
| MD5 | 6c334d6e1bb895bff1e206b8882a8c43 |
| SHA1 | 2ea3b6cc406b988462433f0a2bcf987875167f6f |
| SHA256 | b8120b3d192d24828b1aaa454c2569d7a203526f130013d906de7b1646d9369d |
| SHA512 | 3c91d3b2e35c4136cab81b0ea818f25d3f04fa391cf89a3c4fc6e65caf450b53dae8ce35d0f2989c99b0d34b353814715495018b45952b7683ff4fd9e7e5c9f9 |
memory/15004-14144-0x000000006E080000-0x000000006F3C0000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 032e9f492375886553d043dca3c298e1 |
| SHA1 | 1c4571acb836b013d14c6a8f4aa86520e19b3df4 |
| SHA256 | 2009346a81924f374516e0ab4769369b8ce64bbc29eb08e6e8bffa5911c5787a |
| SHA512 | e3c6d29b785e3420baeec2d446536673969e7ea420733b46b7304105bddcc81defb8c5837e1a0ade3b96b6eb235c758ea992ac0a9ad0044de82aff07f88da16e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
| MD5 | d563065740ba902a5b1e267e346d046f |
| SHA1 | a5562e3f6812f3ccb9d374b54b8358c5c3b3d4fa |
| SHA256 | fb440b58c26272b07e28ebc098f03dd266d944d500f868e31740843c2904079f |
| SHA512 | 47ee91443c00f6365e562f30eec2e5fb8a684e305ae58d5bf4233edbc2ff33a4a5117c59a2caaa00586f189d0390ba09220760db3a6ae1e4bf5e76a614e52b08 |
C:\Program Files (x86)\Steam\userdata\996293921\7\remote\sharedconfig.vdf
| MD5 | ecdd70e5f411c6a9da4c302f3cd476ed |
| SHA1 | b2b85a8a953924c7f85be1ae48157e6719028e01 |
| SHA256 | 0308e98823c3a209f1b7c6103d2812ed886664d3425b37d4bb752a369625b3a4 |
| SHA512 | 6271d63600428f75492b38f00feebb93f0038b46195c4e652545d6c891dc75b6d62b9d4a370355e5aec5edf5d45343a5b5358aa817ccee343aefab88390dd065 |
C:\Users\Admin\Desktop\Plants vs. Zombies Game of the Year.url
| MD5 | 198556e3ffef4796f784f22a56c22085 |
| SHA1 | 9652ccc0d67839037cd041fb21aec03105be90ea |
| SHA256 | 5fb684fbc8d04ae409cd81c2bc0267fda53ec97f6256249f33b816857d690bea |
| SHA512 | dc9d26fab77f2ea46dfc40442500bffd107dce713256ef531de1d344e4606572fc94b8410e317c8a4064e33bb4ac35e7e1295308cee41f35ebb3659cb90b5589 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 329c5e592579b52bc88769bd273c43d3 |
| SHA1 | 74e3030814962eee253263943ef87f89084786c5 |
| SHA256 | d336323e2085439f36cf8d1eb3cbd3df10f14deeb07ccb003fb49cc30e243a96 |
| SHA512 | 2cdd2d32fb82863e9151838b4f73bff145daf202c5a36f2f50000e4b29cca4e20af64d0bdd9be00bb1ededcf199d0e6a5466cccbae1327c9dae4783f42ffae97 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
| MD5 | 33af69c46fef877746b858ece095f75a |
| SHA1 | c9310c232325261ba895ea72134f1a377519cc5c |
| SHA256 | 787ff4dd7fe5d29d6a26c3fcb85ca4a51c679b18ff5651828f5573fe804f135c |
| SHA512 | 652c318277b5d69bbd7511ee040237aa66b506fecb3516f1be61d455f31f8e16a587ac5178fcce62e6ed7899050fdfac6a522eb035e66e0832968435723eff52 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5aff12.TMP
| MD5 | 8336cfdc8119df977d6582795d5e26a4 |
| SHA1 | 05a218ba2de402aa7a12151e62dfdc87a7db9e3f |
| SHA256 | a460988a2c87ecd5edc8ffaf23dfdd657517b06469f03951e805b47e58e0e26c |
| SHA512 | 0fae7ee7ae22579353972268a23cb9bc8af60a5c5b338cfc6dca68af09b678e49443f06fbb79513062d643287bbf1ebdcbfad2a9f3d8632c18179046c2c61a59 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf
| MD5 | 854a83c8c567e8ff8ac2076ceb9c72da |
| SHA1 | aca92841326c78f513518b31be49ec49f9b816aa |
| SHA256 | 53426f3632c8afda047adb9be14dd80da34ff59f5171712af17af0fcf924be74 |
| SHA512 | acc0a500ed21f4a5daa4492db8187b47cd6deea26a359ac1e151039ca3c5958703271f41c686f5cc7e06182e4dc1efa23d5a7be31338bd33556504d9bf3981e5 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf~RFe5b051d.TMP
| MD5 | c604e73d9df41f5974255dd41280898b |
| SHA1 | 4bea8d9d103e730f153c94da4a8548b11d420d26 |
| SHA256 | c1c1d4150e206f9fdc2c59f18de77fde1ec3f5e6fc433f02287b28c2f38d3438 |
| SHA512 | 51436b082cb2b122983d88dd5f675a8ad10fb6f70eac5497208f9c09a11a0de39a1f484e3476f1bafc215fae03a1fa9e8085111902f2be0c7f078c6d7a639415 |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | 759c6c8761a986d673997b7c08bbb2e2 |
| SHA1 | 08c9a6d4d5bf6567f2cc683014a7afb0bcbc56a4 |
| SHA256 | d262eea7bc2a2011995efe0010a3580afd2696096a8cbf7e8ca26846ff62df41 |
| SHA512 | b17216e3a678d9462d3462728d0e2eccb21456e7e584d558e6c4122710919e43e8ff8ae89efd914159c57755bfb6eceaf6ca4f4da503e83d87558eca87c6559a |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5b12e8.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Program Files (x86)\Steam\appcache\librarycache\1113280_icon.jpg
| MD5 | 7ecdaf8a54ec52b20640a88527512903 |
| SHA1 | 3133a4d748ad3be61fe9db759339cd5de73339b5 |
| SHA256 | 7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c |
| SHA512 | 60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d |
C:\Program Files (x86)\Steam\steamapps\downloading\3590\drm\custom\images\bullet2.jpg
| MD5 | 26e188cc0cb9c995e2c73ada142cdfde |
| SHA1 | 089024b112d3fcbc147abc2df25e92ff1630cc70 |
| SHA256 | 6aaafd277264cd1f395e1212c458159cfa1ae8cdd27ea786f4bf194e11dbd4e5 |
| SHA512 | 4bf9cdca5677a4446378935a4778cffc34484db72c7e676047023b47e0d149f6b9667ba19202158904b45d55fa5163c33fd89ed1720ee53c31a058c5084165af |
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf
| MD5 | 3e3e611a210a16e07f1dc7de1ad637e4 |
| SHA1 | 68c6318f50c37c211e9998ae09b2659f00f722eb |
| SHA256 | 0faeb55f6f5e0694a092666152050f7030ef33ada897b6724b2928ff7c7b308e |
| SHA512 | dfdd848ab4638eb6301f34b54c20d6658caf78be21dcf552d8a96917a140a8a49185deef1f945038e869e3b683163a5f628bc34f65091a6ca4a4970ab04515fc |
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf
| MD5 | c409aee720de3d48873650028c9d3e30 |
| SHA1 | 21551306cbbe5cf7670126b51fda6962c3ccfb9f |
| SHA256 | ce4e49c33dc0bb92a7af5fba2bdc144dffa704449c9719df2300be281dda1043 |
| SHA512 | 4736feddaeda2ab6f743936cf05b88b6537f8c5aa3713f3c5456b236a458015dd20cfa4f942ab04b6202fa3ac8c14fc09210ab36496b1dec90051e17075e9c16 |
C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf
| MD5 | 246c555355bf2bd561429cbc06ffeca7 |
| SHA1 | 18a22b174eb0bb9c45cb4f75ee81f7d8b96cbd92 |
| SHA256 | 8c62b510d7a8ca0f88af500b3e33a244265508a0b4c75fb3fadbeb7705415e75 |
| SHA512 | 5cb4c6cb93df32e67d1b637a94863afcd532d195a57d44db1b22b406e287be025b89123cba12ecacfb067392e6582b569e77e590f57b49fa06d6d30fd9bf7e3e |
C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
| MD5 | c79e7580fcff978afab35caeacbf3ba6 |
| SHA1 | 2316559c129882a74eb5fcd66de56588d8c45e1e |
| SHA256 | 868f8e2bab0d6a7ef8afc4c5960c608eccef82bd086bd6e0c0e2670199a5ca45 |
| SHA512 | 21daf1f05bdb18d6a52fd9fba4d6d8a21b37bddacb9dfc0fd9de539e9ea71031a22252501da5f969c97fbd5727aaadd9fdcd804cc693a8856fdc313894f5be75 |
C:\Program Files (x86)\Steam\appcache\librarycache\298986_header.jpg
| MD5 | 6e62a21ff57b6cdcfe4bc918a2937b72 |
| SHA1 | 46bfe043045332f5991841ba647eb6517fe197f8 |
| SHA256 | 5aba000fedc6327d703fa37339fbc4f7213d855d613f8ae0504dd8286be6aa44 |
| SHA512 | 0effc7da21aefc7d86474d76924b0fe7446e9e3ec50199bc9d9ef8ce5d5e8fac6ab4ee9904a0b8a3eed90fce3ae96a52dcba7ed84dd9f452ee68ac8c34e6518f |
C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\users.dat
| MD5 | db08598aacdc539ccd351de43db5b90f |
| SHA1 | 7207f1a1aa0f03a1bc6c58458c4f65bb79b82b65 |
| SHA256 | d4c24ffe8fde6b8fe7bb85ec03c036816f12857e47146cf6b37910d94864ceb4 |
| SHA512 | 1ead383dc251658758dfd0386515ed83041e473d828db4364d4e78ffa33d6a03a3a4dbe1e2c598c55a11ff5cf43c1d37507fdd8762a2b57d78d591213965bf53 |
C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\user2.dat
| MD5 | dff9b3efce07f4bd7bbffad498ade49e |
| SHA1 | 867e62642aa7cdc3400046ab6526cf0e96d193b1 |
| SHA256 | 58f50a6f9b75df952620d884ed5f74af1be28ac540014d820bd9e61e8ba3e8b8 |
| SHA512 | b9d6ce29428fdce6b1fc23b1b654e8dce82979075e9fa5b051707f374b889f119c7ad21b9024d41543b53eaf83bfa36e1e13f8bf62e248094d5c732e93f09125 |
C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\user1.dat
| MD5 | f854f825bfe4120a4cb7d88cad5fb172 |
| SHA1 | 7c44a6dee7eac47b948c2023538fe0a0b5fb4f9f |
| SHA256 | 482a391925a396265d78b62065827a29f2d561a2e6bfccf5b6910d0ae5cee05f |
| SHA512 | dddb1d9c9821d4fdc7b39ccaa6a211f8b3622a1d8486326f4eab3ecc03e888f100c5813bd71db776f616cc8180e01e014619d7adc21e15463b3273054838b7db |
C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\game2_0.dat
| MD5 | 69400543be1ab9bb38459530a5cbd59b |
| SHA1 | 183f2b1574776f113ef6d77b495a2e4923399bb9 |
| SHA256 | b0f74606619ae04e2cea88984800be4039088fa90439e17014425ad07ff88ac3 |
| SHA512 | e7dcba5f3c336e9ea91e9b3aef507d0c78511dd8c8eb120bf95eb95a37f4cd03833136c8a886bb1770cd9a8512b7467bf3ff9da596181ed4865a5d5cebb32712 |
C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\game1_0.dat
| MD5 | 0f2803db96b9490b8b73fbe29aafebe1 |
| SHA1 | 563edf51bfdf291447cf58cc970e084e9113aded |
| SHA256 | d7607e2a80f4016c57fb7940aca6e2aa66f8c27c0d0bb48575e0eef5f421b545 |
| SHA512 | 548cd553430e91beb98088271857c60d80daf5200bf0497a0dab7cd59cec7e633bdfaea7b1a9ba0b421a02f58dfe4a9e2fbb7c741aa141be52c6825aadb0e4d8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 802b9d8f367e95266b9ad2d5693b19fc |
| SHA1 | a79d32ba9422bd002ee38f27a0c3d204ab5a3b7f |
| SHA256 | baa7e37e2c32bca91e42acf9ca0e53b35eabf35a49b591bc19864e08c9d76343 |
| SHA512 | b57c2c1fea76b77eff275a0314354a5492421b97584fd158d02dea50fab5b017c7fafd99803b82fe80b276ce5b6075792234647dd19024e8dde3f8658ffe661b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 90d2dc086501ddf174e05736eab326df |
| SHA1 | 852aa3f7f90092bc8e605e9387091af7e0fbcdf0 |
| SHA256 | 2e9a5bc544e209baa8a77519368512e9ab64613d6fe530859a2857596077aa2d |
| SHA512 | e889d8ee6be557d6790ddf5953e53ce84dd239de3dbdd0c9997745465f30c6d943eadc766179cf4bbece102a08a27357823cdfd764ce2a0c85d1919c3ce7db26 |
memory/14092-15532-0x0000000010000000-0x0000000010041000-memory.dmp
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
C:\Program Files (x86)\Steam\userdata\996293921\7\remote\serverbrowser_hist.vdf
| MD5 | be8d06f59852d7ffa34a2fd907363cf8 |
| SHA1 | bd53835b1ce46056951f7cd3c334a8f04afaf8fc |
| SHA256 | 3d1f75064b82d8d08cca4f330ee7716cae2e850b1c38774dfb05c495c58d36ef |
| SHA512 | 7f4ad271ad90ab5a885cafe5476e20d3901282641fab426d9b7158188b0f8212bf104c61f774ad0dba13c9fda231a153205432be1c2034427a7d8a58fdf119f4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 9311bdb1713a9ee2e13497aae0a6fa1c |
| SHA1 | 492211baf3d5543545ceefafe879e6d0b8bb5658 |
| SHA256 | efc38eed55ec40b365fd28c11f3688e00f0799a17d78a938b30c4edd5dc727ca |
| SHA512 | 9ff178354ce02904eead82756cf0cbcb830809ba59f8f4551fb0d4d4077e03088e3eafbc7468aae58ed2a82c4a50e6f415955335a498177b7a8158fd971170be |
C:\Program Files (x86)\Steam\userdata\996293921\config\librarycache\2371090.json
| MD5 | 5216ef382c2d09e344ae46f2c073acab |
| SHA1 | 91040770b2b51d00e6b7c32a37315eef249a55bd |
| SHA256 | 2200afe5bd5dccc0cfe9d34b29eedc49014dd673e5b9b2d1797e3f52a14b5617 |
| SHA512 | 0a5bc2a98fec77d33e0aca0934d547746883d5ce2b6cfe23e36dc9afe5fbd51dfe12d955213cd0123b4ca004e225182bea6722d0870ea65ba5a808756e893f7a |
C:\Program Files (x86)\Steam\steamapps\appmanifest_3590.acf
| MD5 | 2b221f8f7d7063a7b2de4819ddc7529c |
| SHA1 | 630ebc4b43ba1d868eb13fb966b4e1d74676b63c |
| SHA256 | 87e70bb32e39bc7a8a2696baaac247d93e733971f932b150c209db2cf2e9ee2a |
| SHA512 | e3b91ac66ccb99c28418b806cef2735b0cc50011fe381ec1f19d9c1bffa30621d182afc9b71b9650594ddb0174604ead863caa6c24900217a1bfe760f7ea791c |
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json
| MD5 | e4ef4fb0733996d9dbfb84c01aff1729 |
| SHA1 | 65ea0dd17b5252fbab17940d7b58a5829f8b31d9 |
| SHA256 | c188eacda114889f313285b63e4ea0b2dac098475be137875148426f7fff400c |
| SHA512 | cc0780cd54944fac286202c484f124e79d39790a513eb5ca2df08c3e4171160ed9b095820db22f9a3261c32152659d9245efe1efbd811490836b3840637fb663 |
memory/14092-15813-0x0000000010000000-0x0000000010041000-memory.dmp
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity
| MD5 | 3cf13dfd8f21e1a4a4626be653a848a0 |
| SHA1 | 641ee657c7db344223c610f7ce223f98d5fc3913 |
| SHA256 | d4860c749c03af778abb426d67fde09cf48eaf87f0e37a1e79e4d7d3152ebff1 |
| SHA512 | ea08423b9499269751b25eb8cff1b025a15564427bc301bcaf5580fc38f16a20146bbfd25de08a374a0383a6ef60d826292fd9573e82536f9ab09815a67e877e |
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State
| MD5 | d4b44c78e805af90d5a1d5587ba3171f |
| SHA1 | 9d17734d58dfbc3fd4a6e8433fd46e10bb43a3b4 |
| SHA256 | 76b46caefb710c6d6b3ef6da9a26c106567ddca4e3a02fa61711f51d44084083 |
| SHA512 | 3de05bb901b709819862c8cd6b26ec197a947b1869edc2f4514a8fe9d130aeb492fb5aa8cec67be0f11f0c0466734786a68ad2f78fef07b040bc041a6d6b7fb8 |
C:\Program Files (x86)\Steam\userdata\996293921\3590\remote\user1.dat
| MD5 | 89094ef90f2cc1cebb32f952b44b2072 |
| SHA1 | 72bcfccf53b81de3ac93f28c56782523b3f6c591 |
| SHA256 | 75321ee2dc355a0f3b160f7433f7ac0d8f51448d05afcf8f754c3f063461f904 |
| SHA512 | 9209a6c80c92762856bfaf59b47f2e85d24d39cb308b3c839d43085790bde8d708f16475999f8ecd95367b7137d5cf64f13fdd1c83fa0aa9a0ac7fb7cdb95475 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 84dfb0630b934e48096948b985374e6a |
| SHA1 | 4048787487856df76261a7129f8197039cd314f1 |
| SHA256 | 6f898428c583fca1485961d5dcea372fe159b676f26860ae7cba6d98c6421b32 |
| SHA512 | 8670e32536f0be29e845a35c01410094fea3649177e9df8e491a0c18453ea9306548611bacb32482640553bc11a18f7f0e4a3dc44fa7629109044631c4b22423 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 5e58335b696226600e452ff429d25ae6 |
| SHA1 | aa1dc49036bcc6b80a35c700f92c9598ffee34be |
| SHA256 | 1cd421f7175811275509b14c2febb58b15dbcd17dd6eba95aaa00e4c63f73841 |
| SHA512 | 037f99912dc7ef0fe12f51138586610ec3c88d8841a018c048e5031f69049c3a9f9a984375b4607d81bf262490488b98b9af3262578175093d604c30215f7817 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
| MD5 | 29313e837290bacf6ae87ab3a5bf9107 |
| SHA1 | 840c7ba52ef9bb30aabb0fed16106f680ef2e156 |
| SHA256 | 51300728be45d7f7928e3aff86ebde8487b6dc60dd64ecf590a6baaa62aa5f94 |
| SHA512 | a90bb8c99728175716fe0e7316be7e8d1e90979c80d8592fc21d71c91190c4a28bc7dcd327a769875366c683582ed3ea9e3c3481ad80b9f9eeac33791eb1b354 |