Malware Analysis Report

2025-01-18 23:53

Sample ID 241115-yhsctszlht
Target 1306737952763809904
SHA256 7f09d605a5c4176485a354602c1c8d02a01e90871dcb67aa05b0e924a73c7939
Tags
steam defense_evasion discovery persistence phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

7f09d605a5c4176485a354602c1c8d02a01e90871dcb67aa05b0e924a73c7939

Threat Level: Likely malicious

The file 1306737952763809904 was found to be: Likely malicious.

Malicious Activity Summary

steam defense_evasion discovery persistence phishing

Downloads MZ/PE file

Loads dropped DLL

A potential corporate email address has been identified in the URL: httpsdiscord.comchannels@me12569028740849337141306737952763809904claPastebin.com

Executes dropped EXE

A potential corporate email address has been identified in the URL: currency-file@1

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Checks installed software on the system

Detected potential entity reuse from brand STEAM.

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious behavior: AddClipboardFormatListener

Kills process with taskkill

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-15 19:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-15 19:47

Reported

2024-11-15 19:58

Platform

win11-20241007-en

Max time kernel

519s

Max time network

521s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\1306737952763809904.html

Signatures

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: currency-file@1

phishing

A potential corporate email address has been identified in the URL: httpsdiscord.comchannels@me12569028740849337141306737952763809904claPastebin.com

phishing

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamtoolsSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe N/A
N/A N/A C:\program files (x86)\steam\config\stplug-in\luapacka.exe N/A
N/A N/A C:\program files (x86)\steam\config\stplug-in\luapacka.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\program files (x86)\steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\config\stplug-in\luapacka.exe N/A
N/A N/A C:\program files (x86)\steam\config\stplug-in\luapacka.exe N/A
N/A N/A C:\program files (x86)\steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\bin\gldriverquery64.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\bin\gldriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\program files (x86)\steam\bin\vulkandriverquery64.exe N/A
N/A N/A C:\program files (x86)\steam\bin\vulkandriverquery.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A dpaste.org N/A N/A
N/A dpaste.org N/A N/A
N/A pastebin.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A dpaste.org N/A N/A
N/A pastebin.com N/A N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steampops_koreana-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_japanese.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\gamespage_details_news_item.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\program files (x86)\steam\appcache\librarycache\1070910_library_hero.jpg C:\program files (x86)\steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_capture_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\movies\oled-suspend-animation-from-throbber.webm_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_fullscreen_disabled.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\userdata\1214517055\7\remote\sharedconfig.vdf.stmp C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_x_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_rg_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_turkish.html_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\hp_m2-1.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_r1_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_rb_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_outlined_button_a_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\xbox_rt_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\layout\settingssubstreaming_advanced_host.layout_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\mss32.dll_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\localization\steamui_dutch-json.js_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_click.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\bin\cef\cef.win7x64\locales\sk.pak_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\gridview_shadow.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_mouse_5_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_mouse_r_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_button_options_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_click.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_up.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_touchpad_down.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_lstick_up_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_030_inv_0326.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0315.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_touch.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File opened for modification C:\program files (x86)\steam\appcache\librarycache\42300_icon.jpg C:\program files (x86)\steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_020_ammo_020.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0328.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_100_target_0160.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\switchpro_rstick_click_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0010.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\platform_koreana.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_button_menu_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf.async16952.tmp C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\xbox_p2_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_rstick_click.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_PreorderCancelled.res_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_035_magic_0342.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_color_button_a_md.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_lstick_click_sm.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\hp_l4.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\libx264-142.dll.md5_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_polish.txt.gz_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_010_wpn_0527.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\graphics\flag_right.tga_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sc_touchpad_edge_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_left.svg_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_r1_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\public\steamui_pirate.txt_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_button_menu_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_110_social_0305.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_button_options_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A
File created C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_left_lg.png_ C:\Program Files (x86)\Steam\steam.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping16896_132340909\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping16896_132340909\LICENSE C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping16896_132340909\_metadata\verified_contents.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping16896_132340909\manifest.fingerprint C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping16896_132340909\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping16896_132340909\manifest.json C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\program files (x86)\steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\program files (x86)\steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\program files (x86)\steam\bin\gldriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\program files (x86)\steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\program files (x86)\steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\program files (x86)\steam\bin\vulkandriverquery.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\program files (x86)\steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\program files (x86)\steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\program files (x86)\steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\program files (x86)\steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\program files (x86)\steam\steam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\program files (x86)\steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\steam.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Steam\steam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\URL Protocol C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\"" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{AC240318-20D4-48B4-B17F-7EF2CEF0C2AB} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\URL Protocol C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\"" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink C:\Program Files (x86)\Steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command C:\program files (x86)\steam\steam.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\steam.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\NodeSlot = "4" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\DefaultIcon C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\program files (x86)\\steam\\steam.exe\" -- \"%1\"" C:\program files (x86)\steam\steam.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steamlink\Shell\Open\Command C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\program files (x86)\steam\steam.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 229697.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\1222140.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files (x86)\Steam\config\depotcache\1222141_7324084008489949045.manifest\:Zone.Identifier:$DATA C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 458290.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe N/A
N/A N/A C:\program files (x86)\steam\steam.exe N/A
N/A N/A C:\program files (x86)\steam\steam.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\steam.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A
N/A N/A C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4144 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\1306737952763809904.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffefa833cb8,0x7ffefa833cc8,0x7ffefa833cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7848 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,3550395560818686660,11679500438800530806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 /prefetch:8

C:\Program Files (x86)\Steam\steam.exe

"C:\Program Files (x86)\Steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=16952" "-buildid=1731433018" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a4,0x7ffee747af00,0x7ffee747af0c,0x7ffee747af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1540,i,2775494321036483503,14440429823881003823,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1544 --mojo-platform-channel-handle=1532 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2144,i,2775494321036483503,14440429823881003823,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2148 --mojo-platform-channel-handle=2140 /prefetch:11

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004EC

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2740,i,2775494321036483503,14440429823881003823,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2748 --mojo-platform-channel-handle=2736 /prefetch:13

C:\Program Files (x86)\Steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,2775494321036483503,14440429823881003823,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3112 --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=3652,i,2775494321036483503,14440429823881003823,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3656 --mojo-platform-channel-handle=3644 /prefetch:12

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3996,i,2775494321036483503,14440429823881003823,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4036 --mojo-platform-channel-handle=3508 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4292,i,2775494321036483503,14440429823881003823,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4296 --mojo-platform-channel-handle=4288 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4420,i,2775494321036483503,14440429823881003823,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4424 --mojo-platform-channel-handle=4304 /prefetch:1

C:\Users\Admin\Downloads\SteamtoolsSetup.exe

"C:\Users\Admin\Downloads\SteamtoolsSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /IM Steamtools.exe /F >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /IM Steamtools.exe /F

C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

"C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe"

C:\program files (x86)\steam\config\stplug-in\luapacka.exe

"C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Downloads/1222140/1222140.lua "C:\program files (x86)\steam\config\stplug-in\1222140.st"

C:\program files (x86)\steam\config\stplug-in\luapacka.exe

"C:\program files (x86)\steam\config\stplug-in\luapacka.exe" "C:\program files (x86)\steam\config\stplug-in\Steamtools.lua" "C:\program files (x86)\steam\config\stplug-in\Steamtools.st"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=4412,i,2775494321036483503,14440429823881003823,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3936 --mojo-platform-channel-handle=4348 /prefetch:14

C:\program files (x86)\steam\steam.exe

"C:\program files (x86)\steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=9036" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2b4,0x2b8,0x2bc,0x2b0,0x2c0,0x7ffee747af00,0x7ffee747af0c,0x7ffee747af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1600,i,13106762613760704314,15542096512788479490,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1604 --mojo-platform-channel-handle=1592 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2312,i,13106762613760704314,15542096512788479490,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2316 --mojo-platform-channel-handle=2308 /prefetch:11

C:\program files (x86)\steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2704,i,13106762613760704314,15542096512788479490,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2348 --mojo-platform-channel-handle=2692 /prefetch:13

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,13106762613760704314,15542096512788479490,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3148 --mojo-platform-channel-handle=3140 /prefetch:1

C:\program files (x86)\steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\program files (x86)\steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\program files (x86)\steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3780,i,13106762613760704314,15542096512788479490,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3784 --mojo-platform-channel-handle=3776 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3988,i,13106762613760704314,15542096512788479490,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3992 --mojo-platform-channel-handle=3984 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4188,i,13106762613760704314,15542096512788479490,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3708 --mojo-platform-channel-handle=4364 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4476,i,13106762613760704314,15542096512788479490,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4480 --mojo-platform-channel-handle=4472 /prefetch:1

C:\Windows\explorer.exe

explorer.exe "C:\program files (x86)\steam\depotcache"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\program files (x86)\steam\config\stplug-in\luapacka.exe

"C:\program files (x86)\steam\config\stplug-in\luapacka.exe" C:/Users/Admin/Downloads/1222140/1222140.lua "C:\program files (x86)\steam\config\stplug-in\1222140.st"

C:\program files (x86)\steam\config\stplug-in\luapacka.exe

"C:\program files (x86)\steam\config\stplug-in\luapacka.exe" "C:\program files (x86)\steam\config\stplug-in\Steamtools.lua" "C:\program files (x86)\steam\config\stplug-in\Steamtools.st"

C:\program files (x86)\steam\steam.exe

"C:\program files (x86)\steam\steam.exe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13224" "-buildid=1731433018" "-steamid=0" "-logdir=C:\program files (x86)\steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\program files (x86)\steam\clientui" "-steampath=C:\program files (x86)\steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--enable-features=PlatformHEVCDecoderSupport" "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal,ValveFFmpegAllowLowDelayHEVC"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:4 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\program files (x86)\steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1731433018 --initial-client-data=0x2a8,0x2ac,0x2b0,0x2a0,0x2b4,0x7ffee747af00,0x7ffee747af0c,0x7ffee747af18

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1624,i,5805974004202752191,6433476904813956321,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=1632 --mojo-platform-channel-handle=1608 /prefetch:2

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2188,i,5805974004202752191,6433476904813956321,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2192 --mojo-platform-channel-handle=1740 /prefetch:11

C:\program files (x86)\steam\bin\gldriverquery64.exe

.\bin\gldriverquery64.exe

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\SuspendHide.vbe"

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --field-trial-handle=2724,i,5805974004202752191,6433476904813956321,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=2728 --mojo-platform-channel-handle=2716 /prefetch:13

C:\program files (x86)\steam\bin\gldriverquery.exe

.\bin\gldriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,5805974004202752191,6433476904813956321,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3204 --mojo-platform-channel-handle=3196 /prefetch:1

C:\program files (x86)\steam\bin\vulkandriverquery64.exe

.\bin\vulkandriverquery64.exe

C:\program files (x86)\steam\bin\vulkandriverquery.exe

.\bin\vulkandriverquery.exe

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3820,i,5805974004202752191,6433476904813956321,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=3824 --mojo-platform-channel-handle=3816 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4008,i,5805974004202752191,6433476904813956321,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4012 --mojo-platform-channel-handle=4004 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4384,i,5805974004202752191,6433476904813956321,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4388 --mojo-platform-channel-handle=4380 /prefetch:1

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\htmlcache" --buildid=1731433018 --steamid=0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4520,i,5805974004202752191,6433476904813956321,262144 --enable-features=PlatformHEVCDecoderSupport --disable-features=BackForwardCache,DcheckIsFatal,DocumentPictureInPictureAPI,SpareRendererForSitePerProcess,ValveFFmpegAllowLowDelayHEVC --variations-seed-version --enable-logging=handle --log-file=4524 --mojo-platform-channel-handle=4516 /prefetch:1

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 88.221.135.40:443 www.bing.com tcp
GB 88.221.135.40:443 www.bing.com tcp
US 104.22.24.238:80 dpaste.org tcp
US 104.22.24.238:80 dpaste.org tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.22.24.238:80 dpaste.org tcp
US 104.22.24.238:443 dpaste.org tcp
US 104.22.24.238:443 dpaste.org tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 172.67.19.24:80 pastebin.com tcp
US 172.67.19.24:80 pastebin.com tcp
US 172.67.19.24:443 pastebin.com tcp
US 104.22.58.199:443 s3.vlitag.com tcp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 104.22.58.199:443 dsp.vlitag.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
FR 18.245.175.102:443 cmp.inmobi.com tcp
GB 216.58.204.74:443 imasdk.googleapis.com tcp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
FR 52.84.174.40:443 config.aps.amazon-adsystem.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 141.101.120.11:443 px.vliplatform.com tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
DE 18.159.167.99:443 api.cmp.inmobi.com tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 99.167.159.18.in-addr.arpa udp
GB 142.250.179.225:443 ddc195436eb7cbed20ba997a540a7367.safeframe.googlesyndication.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 34.98.64.218:443 u.openx.net tcp
US 35.81.219.226:443 ids4.ad.gt tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
NL 185.89.210.141:443 secure.adnxs.com tcp
DE 162.19.138.82:443 id5-sync.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
GB 216.58.212.226:443 ep1.adtrafficquality.google tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
GB 172.217.16.226:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 cdn-ima.33across.com udp
IE 63.32.172.26:443 ad.360yield.com tcp
NL 81.17.55.173:443 sync.smartadserver.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 104.18.29.101:443 cdn-ima.33across.com tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 104.26.14.167:443 adsystem.pocpoc.io tcp
US 104.26.14.167:443 adsystem.pocpoc.io tcp
US 104.26.14.167:443 adsystem.pocpoc.io tcp
US 104.26.14.167:443 adsystem.pocpoc.io tcp
US 104.26.14.167:443 adsystem.pocpoc.io tcp
GB 172.217.16.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 px.pocpoc.io udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 141.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.219.81.35.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
FR 178.250.7.13:443 dnacdn.net tcp
US 104.26.15.167:443 px.pocpoc.io tcp
US 104.26.15.167:443 px.pocpoc.io tcp
US 104.26.15.167:443 px.pocpoc.io tcp
US 104.26.15.167:443 px.pocpoc.io tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.26.15.167:443 px.pocpoc.io tcp
FR 18.155.129.34:443 tags.crwdcntrl.net tcp
US 104.22.4.69:443 pixels.ad.gt tcp
GB 216.58.212.193:443 ep2.adtrafficquality.google tcp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 34.120.135.53:443 oajs.openx.net tcp
GB 216.58.212.193:443 ep2.adtrafficquality.google udp
GB 172.217.16.228:443 www.google.com tcp
IE 34.252.147.51:443 bcp.crwdcntrl.net tcp
US 151.101.66.132:443 odb.outbrain.com tcp
US 34.120.135.53:443 oajs.openx.net udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 167.15.26.104.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 87.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 34.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 132.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 51.147.252.34.in-addr.arpa udp
US 23.192.21.236:443 widgets.outbrain.com tcp
US 23.192.21.236:443 widgets.outbrain.com tcp
US 50.31.142.255:443 mcdp-chidc2.outbrain.com tcp
US 50.31.142.95:443 log.outbrainimg.com tcp
GB 95.100.245.166:443 images.outbrainimg.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
GB 216.58.212.226:443 ep1.adtrafficquality.google udp
N/A 127.0.0.1:6463 tcp
US 162.159.130.234:443 remote-auth-gateway.discord.gg tcp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
N/A 127.0.0.1:6469 tcp
N/A 127.0.0.1:6470 tcp
N/A 127.0.0.1:6471 tcp
N/A 127.0.0.1:6472 tcp
US 172.67.19.24:80 pastebin.com tcp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
NL 208.93.169.131:443 bh.contextweb.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 64.233.167.156:443 stats.g.doubleclick.net tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 104.18.26.193:443 ssum-sec.casalemedia.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 54.229.166.30:443 dpm.demdex.net tcp
GB 142.250.179.227:443 www.google.co.uk tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 30.166.229.54.in-addr.arpa udp
US 8.8.8.8:53 193.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ap.lijit.com udp
IE 52.49.174.234:443 ap.lijit.com tcp
IE 52.49.174.234:443 ap.lijit.com tcp
IE 52.49.174.234:443 ap.lijit.com tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 216.58.212.226:443 ep1.adtrafficquality.google udp
FR 3.164.163.31:443 cdn.mediago.io tcp
US 13.107.246.64:443 adsdk.microsoft.com tcp
GB 2.23.92.157:443 cdn.adnxs.com tcp
US 34.111.60.239:443 images.mediago.io tcp
FR 3.164.163.31:443 cdn.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
GB 88.221.135.25:443 r.bing.com tcp
NL 35.214.168.80:443 trace-eu.mediago.io udp
US 50.31.142.95:443 log.outbrainimg.com tcp
US 50.31.142.255:443 mcdp-chidc2.outbrain.com tcp
US 34.111.60.239:443 images.mediago.io udp
NL 35.214.168.80:443 trace-eu.mediago.io udp
GB 216.58.212.193:443 ep2.adtrafficquality.google udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 151.101.129.108:443 acdn.adnxs.com tcp
IE 52.49.33.63:443 ce.lijit.com tcp
GB 216.58.212.226:443 ep1.adtrafficquality.google udp
GB 88.221.135.34:443 th.bing.com tcp
GB 95.101.143.195:443 r.bing.com tcp
GB 95.101.143.195:443 r.bing.com tcp
GB 88.221.135.34:443 th.bing.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
NL 20.190.160.20:443 login.microsoftonline.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.195.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.195.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.3.52:443 cdn.fastly.steamstatic.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 151.101.67.52:443 cdn.fastly.steamstatic.com tcp
GB 2.18.190.73:80 r11.o.lencr.org tcp
US 151.101.67.52:443 cdn.fastly.steamstatic.com tcp
US 151.101.67.52:443 cdn.fastly.steamstatic.com tcp
NL 185.89.211.116:443 ams3-ib.adnxs.com tcp
US 104.22.73.111:443 steamdb.info tcp
US 104.22.73.111:443 steamdb.info tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 172.64.145.151:443 cdn.cloudflare.steamstatic.com tcp
US 104.22.73.111:443 steamdb.info tcp
GB 2.19.252.146:443 aefd.nelreports.net tcp
US 172.67.158.11:443 www.vinoland.net tcp
US 172.67.158.11:443 www.vinoland.net tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.14:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.14:443 fundingchoicesmessages.google.com udp
DE 51.89.64.92:443 94he6yatei-dsn.algolia.net tcp
US 76.76.21.98:443 vinn-web-tools-dandys-projects-bb4af0ab.vercel.app tcp
US 172.67.195.247:443 tmpfiles.org tcp
US 172.67.195.247:443 tmpfiles.org tcp
US 172.67.195.247:443 tmpfiles.org tcp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 ipv6check-http.steamserver.net udp
GB 88.221.134.234:80 test.steampowered.com tcp
US 8.8.8.8:53 234.134.221.88.in-addr.arpa udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
JP 45.121.184.100:27018 cmp1-tyo3.steamserver.net tcp
JP 45.121.184.101:27020 cmp2-tyo3.steamserver.net tcp
US 8.8.8.8:53 155.143.214.23.in-addr.arpa udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
HK 103.28.54.101:27018 cmp2-hkg1.steamserver.net tcp
HK 103.28.54.102:27019 cmp3-hkg1.steamserver.net tcp
GB 2.18.190.73:80 e6.o.lencr.org tcp
GB 2.18.190.80:80 e6.o.lencr.org tcp
US 8.8.8.8:53 102.54.28.103.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
HK 103.28.54.101:443 cmp2-hkg1.steamserver.net tcp
JP 45.121.184.101:443 cmp2-tyo3.steamserver.net tcp
SG 103.10.124.5:27019 cmp2-sgp1.steamserver.net tcp
SG 103.10.124.4:27019 cmp1-sgp1.steamserver.net tcp
SG 103.10.124.4:443 cmp1-sgp1.steamserver.net tcp
US 162.254.195.75:443 cmp2-lax1.steamserver.net tcp
AU 103.10.125.148:27023 ext1-syd1.steamserver.net tcp
US 162.254.195.69:27018 cmp1-lax1.steamserver.net tcp
US 8.8.8.8:53 p2p-lax1.discovery.steamserver.net udp
N/A 127.0.0.1:63610 tcp
N/A 127.0.0.1:63609 tcp
US 8.8.8.8:443 dns.google udp
GB 172.217.169.46:443 tcp
GB 74.125.97.72:443 udp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
GB 216.58.212.227:443 tcp
N/A 10.127.255.255:27036 udp
GB 2.19.252.202:80 clientconfig.akamai.steamstatic.com tcp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 202.252.19.2.in-addr.arpa udp
GB 2.19.252.202:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.202:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.202:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.202:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.202:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.202:80 clientconfig.akamai.steamstatic.com tcp
GB 2.19.252.202:80 clientconfig.akamai.steamstatic.com tcp
US 151.101.67.52:443 avatars.steamstatic.com tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
US 151.101.67.52:443 avatars.steamstatic.com tcp
US 151.101.67.52:443 avatars.steamstatic.com tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
GB 2.18.190.80:80 r11.o.lencr.org tcp
GB 23.214.143.155:443 steamcommunity.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 151.101.195.52:80 avatars.steamstatic.com tcp
US 151.101.195.52:80 avatars.steamstatic.com tcp
US 151.101.195.52:80 avatars.steamstatic.com tcp
GB 88.221.134.240:443 tcp
US 151.101.131.52:443 avatars.steamstatic.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 151.101.3.52:443 avatars.steamstatic.com tcp
US 151.101.131.52:443 avatars.steamstatic.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 151.101.131.52:443 avatars.steamstatic.com tcp
US 8.8.8.8:53 update.steamui.com udp
US 172.67.172.248:443 update.steamui.com tcp
US 8.8.8.8:53 cdn.wmpvp.com udp
GB 174.35.118.62:443 cdn.wmpvp.com tcp
US 8.8.8.8:53 248.172.67.172.in-addr.arpa udp
N/A 127.0.0.1:27060 tcp
US 8.8.8.8:53 new-service.biliapi.net udp
CN 116.169.184.177:80 new-service.biliapi.net tcp
N/A 127.0.0.1:64305 tcp
N/A 127.0.0.1:64307 tcp
N/A 127.0.0.1:64310 tcp
N/A 127.0.0.1:64312 tcp
US 8.8.8.8:53 steamstore-a.akamaihd.net udp
US 8.8.8.8:53 shared.steamstatic.com udp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
GB 88.221.134.194:443 steamstore-a.akamaihd.net tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
GB 88.221.134.194:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.194:443 steamstore-a.akamaihd.net tcp
GB 216.58.212.227:443 udp
US 151.101.67.52:443 client-update.fastly.steamstatic.com tcp
N/A 127.0.0.1:63609 tcp
N/A 127.0.0.1:63610 tcp
GB 2.18.190.73:80 e5.o.lencr.org tcp
US 172.67.172.248:443 update.steamui.com tcp
GB 174.35.118.62:443 cdn.wmpvp.com tcp
CN 60.13.97.113:80 new-service.biliapi.net tcp
N/A 127.0.0.1:64679 tcp
N/A 127.0.0.1:64681 tcp
N/A 127.0.0.1:64684 tcp
N/A 127.0.0.1:64687 tcp
N/A 127.0.0.1:64699 tcp
CN 106.14.24.113:80 tcp
CN 106.14.24.113:9999 tcp
GB 2.19.252.134:443 aefd.nelreports.net udp
N/A 127.0.0.1:64713 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
CN 106.14.24.113:9000 tcp
N/A 127.0.0.1:64720 tcp
CN 123.6.2.85:80 new-service.biliapi.net tcp
GB 88.221.134.170:80 test.steampowered.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
GB 23.214.143.155:443 api.steampowered.com tcp
GB 162.254.196.79:27020 cmp1-lhr1.steamserver.net tcp
GB 162.254.196.80:27020 cmp2-lhr1.steamserver.net tcp
GB 162.254.196.80:443 cmp2-lhr1.steamserver.net tcp
FR 185.25.182.20:27034 ext1-par1.steamserver.net tcp
GB 2.18.190.80:80 e5.o.lencr.org tcp
US 8.8.8.8:53 p2p-lhr1.discovery.steamserver.net udp
US 8.8.8.8:53 80.196.254.162.in-addr.arpa udp
US 8.8.8.8:53 20.182.25.185.in-addr.arpa udp
US 151.101.3.52:443 client-update.fastly.steamstatic.com tcp
GB 88.221.134.194:443 steamstore-a.akamaihd.net tcp
US 151.101.3.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.3.52:443 client-update.fastly.steamstatic.com tcp
GB 88.221.134.194:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.194:443 steamstore-a.akamaihd.net tcp
US 151.101.67.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.67.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.67.52:443 client-update.fastly.steamstatic.com tcp
GB 23.214.143.155:443 api.steampowered.com tcp
US 8.8.4.4:443 dns.google udp
GB 23.214.143.155:443 api.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
GB 23.214.143.155:443 api.steampowered.com tcp
GB 23.214.143.155:443 api.steampowered.com tcp
US 151.101.195.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.195.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.195.52:443 client-update.fastly.steamstatic.com tcp
N/A 127.0.0.1:64729 tcp
N/A 127.0.0.1:64726 tcp
US 151.101.67.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.195.52:443 client-update.fastly.steamstatic.com tcp
GB 23.214.143.155:443 api.steampowered.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
US 151.101.131.52:443 client-update.fastly.steamstatic.com tcp
CN 42.177.83.115:80 new-service.biliapi.net tcp
US 8.8.8.8:53 cdn.steamstatic.com udp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
US 151.101.131.52:443 cdn.steamstatic.com tcp
NL 185.89.210.46:443 ams3-ib.adnxs.com tcp
CN 106.14.24.113:80 tcp
US 172.67.172.248:443 update.steamui.com tcp
CN 106.14.24.113:9999 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
N/A 127.0.0.1:65325 tcp
N/A 127.0.0.1:65327 tcp
N/A 127.0.0.1:65334 tcp
N/A 127.0.0.1:65348 tcp
CN 211.97.81.63:80 new-service.biliapi.net tcp
CN 106.14.24.113:9000 tcp
N/A 127.0.0.1:65358 tcp
GB 88.221.134.170:80 test.steampowered.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.143.155:443 api.steampowered.com tcp
GB 162.254.196.80:27020 cmp2-lhr1.steamserver.net tcp
GB 162.254.196.80:27019 cmp2-lhr1.steamserver.net tcp
GB 162.254.196.79:443 cmp1-lhr1.steamserver.net tcp
FR 185.25.182.52:27033 ext2-par1.steamserver.net tcp
US 8.8.8.8:53 52.182.25.185.in-addr.arpa udp
US 151.101.3.52:443 cdn.steamstatic.com tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
US 151.101.3.52:443 cdn.steamstatic.com tcp
US 151.101.3.52:443 cdn.steamstatic.com tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
GB 88.221.134.187:443 steamstore-a.akamaihd.net tcp
US 151.101.67.52:443 cdn.steamstatic.com tcp
US 151.101.67.52:443 cdn.steamstatic.com tcp
US 151.101.67.52:443 cdn.steamstatic.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
N/A 127.0.0.1:65366 tcp
N/A 127.0.0.1:65363 tcp
US 8.8.4.4:443 dns.google udp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 shared.steamstatic.com udp
US 151.101.67.52:443 shared.steamstatic.com tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
CN 125.38.214.65:80 new-service.biliapi.net tcp
US 151.101.67.52:443 shared.steamstatic.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 151.101.195.52:443 shared.steamstatic.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 02a4b762e84a74f9ee8a7d8ddd34fedb
SHA1 4a870e3bd7fd56235062789d780610f95e3b8785
SHA256 366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da
SHA512 19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

\??\pipe\LOCAL\crashpad_4144_IZSWZNZQWMFIMYKU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 826c7cac03e3ae47bfe2a7e50281605e
SHA1 100fbea3e078edec43db48c3312fbbf83f11fca0
SHA256 239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab
SHA512 a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 515c0615258225c82c59041e4f4ce7b9
SHA1 37973378fd3b3ab53895a6cbddef34821da5797f
SHA256 bdfc1135015865a7d16da66991c14f6064e5adf5d7261ea536bdbc7ceb4114f3
SHA512 d505eb7703d7b9430374c6dad795f6d892d188b06187d3408662f83bed8ab2cef36a43d0c72a48cc34f56e3852da24f5882b758c61f26f6ea94c36a9ae63de15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 78fea6dc88af22953c1bdedf0421e06a
SHA1 22d0f2c6a0998af5b841f4c6ec1fa76fe6ee7664
SHA256 701964287e409a94e00623e31ec1b3d763528b56e5c397088d96b898206501f5
SHA512 34884701117c240033c021c43c85b4270d19daecddc98d7be5dd0fa8448cdf56c15b26a5c740e0b720b0766749b4fd425962111b679641b9f3a61d09e8e82cc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c316c2d695267c3d8995a9c7c1d2c149
SHA1 dea158e5dc311c0310519caa476bfa5eb138feca
SHA256 2cc8d2fbd7cc3cef977b6c1ce187fc6f953858fa1a7f903e3fe77c10ea724809
SHA512 4ecd1fdb824e8a3c342acc9e0e273077f1def7e0e159b2bf04f3030c0ba57a8b1eac04bde2b804264c3801043a64e5eb707ffba5e9f6cf7acb892c4327c1ad82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c073fd1fa9851dd01c3928ec453bd511
SHA1 5a8eae3b8cfa869ca0797260799676bf35646d24
SHA256 9c6543509f96300c32b381f324b42a229bc2ca768c2fc133be0e0bd493d552ee
SHA512 13c2b004f3618276571b9d799c38c3ece6069e7dd68fb4b674c1394a6c18b3bab262269472c8c92e890d1a6a7c1b219a5e95a1ac13f5b41155b841e57a53725f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 d52dde104b8ef0c330dfc22b78d4d68e
SHA1 099b580f6cd3d5816f5a5bc9e7f3481f6dc0f0f4
SHA256 1f63dc8bb4205de77042b8d4a79d0599a200fe2cb90641218d1115dbf4482507
SHA512 9046130f8e43c72910ac83937b62797317aa60e1c6613c0d36eb4648ed0aff38133131c2e3a834acd6f0549f9e849a7b9b91246fcf448d514a098ba1fc18952f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd140ea9f460c811e8e6783470f1bda7
SHA1 acda4584c2010d67a2b92e44e1b0eb4cda90f275
SHA256 542c1f838608e512095fa414d0886e484b61c1a9cc89507fca6b2b502f6df045
SHA512 bd3e70f183b77b153a88c6f856cc4dc6d4eb8033cbde8e3ce966dc2955ee43afd1f8c00bac3cf3f65ff3bce520a21b85bae9bb7fd8a10b87f7af9a066e6c106d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0b054844dfed290b4b399dbf030630c9
SHA1 6f1cc99167a25dec9ecd4720d183684b0c0d810d
SHA256 2f90c10f8da30ce4c8250fe03a895f14b267af4810014a650d457c380c7bead6
SHA512 81098c03f491eeaae5c65bbbf5b00b096f36cbe59ed019edb04a0d04e421e0b2660b7f95943ddf6cb2785959b783e626f72287a747051aa12a25ce76f5393fe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9c0caf6c1817185e676d424fae26b4b
SHA1 14e6adbafa2a777fff9ef62e9c2b1cb15dcf854a
SHA256 65ec28f721e5e5a79d701406f761185f25a68eb3f30f5cdf854148254b98f08e
SHA512 e154e7771d57709fab84f69617aa3fc14f88cfd24b3a79b6f0359bcbdcafbdd480259e164ab0220afd253ed5bdb0a89f37aa1771b95a45422dbc7736cabd5431

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e4a9.TMP

MD5 7d0a49d5660c1cb32526c1b38d2068e8
SHA1 f4258c4c6ee0f74469c4d64a2d09766190070c9e
SHA256 68aa698155b92f831a4e2d7c934052cb477237ce65eec6bce59b35f03ec59ceb
SHA512 7f42d54a912186d36a50186a608ab29680cf94cafb77c76e9883b955f99066ba1cf9cb0981e490d1e67990d07f99089d58fb5b5b5b6a7be4a4ca98011cffabf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c3626f93747f035d76fecf0ebe1c2979
SHA1 d6d00d2e57ab94f4a6289dfaace1224f8dd68d93
SHA256 e33d7abb89e0712f8834973020419b609ffda12bec675e88e1c00cc5d987a076
SHA512 32a0b4ce1a5d1de6a7f6ca5c17ee8554fcdd385c8ab1b90c3b1e87637cfe383982a5167a572d85c14834374dd509e28f7677b939588b00c4fc4fbc432738f69f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e5bae39d40c085e8b10791cc91be63a2
SHA1 8f25ba451a42ab321e1523f3dcfa41b2d5158a26
SHA256 9bc2d284e909a608385e35eeb9fa6680096ea5c0cb6647b95b9f1258774a4576
SHA512 361dc353e12cad0e4ab8d9529c5d73a30f8637e406f6b3eb4606643f6ff050e3ca55a453d7515d3e6513cefd317ed1ff5a02893a66ec0fd734c026023f1610fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a8f9e855fb09e57926f093727d98f14a
SHA1 1e977c73e7d93e1df66255fcec16ba3ce5072453
SHA256 f32df1ac1a6ff4db8a3750ffd854c9b50af0ddb66b45001ecdab01f9976de3f6
SHA512 05e8916d2b3aa8b2de108ecc9de3608480c77ae4f64a80a68902d6607e8b813cf17956b0510c857929f4c0cdfc0d6543f468e85d47f86c43e5006e660289c324

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 86dfa3911317707bae8676cc430a8b9f
SHA1 8a24cce9caad3801b2e3d523e8af64821b3f3d54
SHA256 b73a45f35f9e059e44a6d6cc75b19594fae3ffbee2f69f6cd29cbc3e4411c445
SHA512 ee6ee12047ed9db2c5f67951f3ef12592492af6a0862d01a20ceb0f5cff62c2f189afc6e823f4bbfd5170fc92ec56ac5b7965353055e6278b3d63183d01025d3

C:\Users\Admin\Downloads\Unconfirmed 458290.crdownload

MD5 bbf15e65d4e3c3580fc54adf1be95201
SHA1 79091be8f7f7a6e66669b6a38e494cf7a62b5117
SHA256 c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304
SHA512 9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 41eb03b53e9308abf335d685227850e7
SHA1 0f2db38ead8e4af72e27fb9880088ecb30873c6b
SHA256 643a68fbb857006119649789faebe6a4b7d5066ed48b94fcfff9715d469091aa
SHA512 a562b67de915a033bf2285a14315e235452b87d5067370225043bdd7e030ca8a7a64897cd8988d71f74e787067028c708c730007016a133ef5625a831df8c450

C:\Users\Admin\Downloads\SteamtoolsSetup.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ea6b1f4fb596aab3ef1e0753cf4d29c5
SHA1 29d1cd66a95963f40d1483aa1ab9eb43434191cd
SHA256 3a73739e400bb81a7cb72e4a12294aeba0b061fab3fe6d6a82837f9ea193df90
SHA512 f440c1f3e6cac74ec7e96e4d172bf9af89b0d1515e65bf7bf117dde168aacd1b89221c918043625be1691cacea5007cbcefc733f84d7b011d0f3f31c9fe90023

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6d15e276539f95c5adb97590a4eca258
SHA1 dff990813f2dc3f5b95c799148988e11ccce2ef9
SHA256 e771920b5164d1792c82910785b4502bd685f553e7dfad0bfe69b8d275f22a05
SHA512 f6aa482bfb570afcd576a7892c5317fc2367780a7d4c6b35560b61cb1438277590244c6618b1b266c7962885a93fb2745d7031786268fec2a081dfaa7510dfab

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 09fb0b2bcf261762bc3456bc97ca184e
SHA1 9f7066bf676574245e4a994a62e22a7b0c8eed5a
SHA256 fb47dfae7a71a8341cdfc16e6ffa3b66c53337b7fd6a40b7652eaef36f5df6b4
SHA512 242b5956bb387d5f8b578744ebcfde6a43d5b1e6865f7edab0fd7ef6bb5db38eb0effcc232240dd6e9b0e9248d42ce1fc62cfa329aad4ca52dce238010d5ac92

C:\Users\Admin\Downloads\Unconfirmed 229697.crdownload

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a54a0c3021847853621e42cae3e68999
SHA1 d18c7f7d95f76047389e8e2ff24dcccf2eeacfd5
SHA256 c76f85c715e908df19e44996970213ced64d5bb13cfbf2eb9bdcd00b2b690ba9
SHA512 9b08cfe0806933ce75a6db1343d9bba1f41a365802ca08b9a418b683152d9a9c44bc2971a9218ef4dae63c20d5c39bc0b0f04ca0d4378a13cedcfa97d6ca8a19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c0e17ce8bdaaa9f993921d982c74fd2b
SHA1 9c125cbf877086e8398ef6df719dd8f546b2d619
SHA256 17b7a031bfa3afd8ff383648941359852aa86f9073b904b00f60044d588ebd0e
SHA512 d4e8d183d6a9a6c6c6c61c27b1aa8f9baf1d69a2220c83b424e7fd8c27c848152f59fd51456f201194aa01e484a34c4bada2beda139e0601e040a28c585d8823

C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

MD5 75893359e269074f05562f12c3e0d376
SHA1 e5d7ed64495dada6a0b41742692352087a74a951
SHA256 435d3ec89839125cf974c8e1a15fe188acaa1e76239758145cf74a726680421c
SHA512 13e5220d5f8eaf32f30bf78c75665c0548774edf6a5a56086721586fa2ba5513a7eb0c151e6ca18dd61830952c1a38e25ca37c6c71136b29b9dbb190ad1d479d

C:\Users\Admin\AppData\Local\Temp\nsbD053.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nsbD053.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1d6865077e9e58921776602ec058aa08
SHA1 de17f0d3765ba8afd4b1b463253a2bceb2dfb18d
SHA256 e53a0f5f480f5584c76c27365a1e2ab2da0d684261feb219f70d6b9a8e1d5709
SHA512 9b47c8d9355d27f5f0a7bb27e985f6cbad684aba1a00e8b2d15f0b9f7ae6e98cf386744ad7754c83be133e91a7136b1f8d1ab3740c9e223b24dbc528c2a85c70

C:\Users\Admin\AppData\Local\Temp\nsbD053.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nsbD053.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Program Files (x86)\Steam\bin\SteamService.exe

MD5 ba0ea9249da4ab8f62432617489ae5a6
SHA1 d8873c5dcb6e128c39cf0c423b502821343659a7
SHA256 ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d
SHA512 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

MD5 0340d1a0bbdb8f3017d2326f4e351e0a
SHA1 90d078e9f732794db5b0ffeb781a1f2ed2966139
SHA256 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544
SHA512 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

MD5 31a29061e51e245f74bb26d103c666ad
SHA1 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc
SHA256 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192
SHA512 f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

MD5 03b664bd98485425c21cdf83bc358703
SHA1 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb
SHA256 fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115
SHA512 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

MD5 2158881817b9163bf0fd4724d549aed4
SHA1 c500f2e8f47a11129114ee4f19524aee8fecc502
SHA256 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7
SHA512 f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

MD5 4c81277a127e3d65fb5065f518ffe9c2
SHA1 253264b9b56e5bac0714d5be6cade09ae74c2a3a
SHA256 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
SHA512 be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

C:\Users\Admin\AppData\Local\Temp\nsbD053.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bfa6c7e171405710540144f245279890
SHA1 8308392d2f73ebe75a36a40070d73932faa7c0a9
SHA256 c03df3e9f79592e7e77bc4b49d71727b098f0f51840295ca14ba454bc278bea0
SHA512 297c677e2b88e8aee07157c2634df459d207743cfb3f27e426abeb75b915c3fb288402106d6bcd9ca19129304a5aad5ac24d7ed1b849ec8dd0571201a31cf344

C:\Users\Admin\AppData\Local\Temp\nsbD053.tmp\StdUtils.dll

MD5 db11ab4828b429a987e7682e495c1810
SHA1 29c2c2069c4975c90789dc6d3677b4b650196561
SHA256 c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
SHA512 460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dc4269e7bfa369f72c72e2d196e77f57
SHA1 b089f941914b63b75b41d9e7d624144710c318eb
SHA256 57d50986dfa066a08b3162ddf39ab15024250c330e2a00f3cfad95ddc3bfecf2
SHA512 2ecef94896006c5b6d0dcc7487492be32e9f852adaa22e977b68657c5f78834df355babd9507eb2675e6883e1d43753e066c08444ecc2ef1722e43187022b0a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9c86ff04d8be3ba722323175e45bddb1
SHA1 08439f3640d0737cfe44b8acf35de9af4ed0808e
SHA256 4ec32bd024baa7668a2ef1941ead78a49b9929285c90bd80c3bf79dd05623a2a
SHA512 e60225911e3a24260c3eb068c7397de455a88f1acfb5f9a98187650a1463b09ffd7a3eaece4ea84a468eac0c20de212ee6b9741bb1366bafd0677f6219c70c13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f7c75ec9e9030eaa7411cb377131ec6f
SHA1 b425ca25f93e9155a346abf40e5e328747be447d
SHA256 995e19ee366c9e2775a63deeeacae4227f85201fab26d11597de7d6650f99f96
SHA512 c1ab962cc2038afd71abc62f2ac68d0082bf1b7fd71fddb28fe5157c71110476d072054a2f23e83226856b2538a5dad4f13ce9607f6cd9c0485cb116bb6c5aba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c45f847ce9faada88b6d86186096254c
SHA1 faa02f4b42a58f52acef78276e34f5ad24253c36
SHA256 50bfd284095cf1a33265857b61b17accd709f11a104fc9aedadbcfc59bd514ed
SHA512 b7ad1de5199289cd2b236536b8c87f982da5033e30313dbbfa54f3ed75cf4a473cc6c711251b7ef2f555d28e6d3ebd398c906ed411562c8d8ef4e1275ba95506

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bcd47d65b1cbedf03411a0a7c1967431
SHA1 2a90038d0e3c4aeb0ee045f0bb9abf091ef16cd9
SHA256 5c06022df6bff1add8a2968b3c601aa957ef19d7213959faf746373255db8028
SHA512 b8d8b1e1f10db0f2cb629b2d33882692aa29ddaf652bc1f45a1ae14c238a309a76f1f6a9fdedab96bf3596ab278b73c1715ae536e56b47d253e868085b233758

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fd320f285b1aa1c350d11dda4e279e03
SHA1 21ac5e83111533abbebead73b43f32e006c7e425
SHA256 f6f153618d1effc6524a63eafdab70c7d0726524b92ec93d028feda54bb67010
SHA512 6cba4c2afec0c4a837b27ce86550a4aae4996153cda35e9e7dda9b02f1064b7a80b152e50873955ebe887334b121ff844ac7a2f23f3045f4bcfe0c9ef6642f6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b9518.TMP

MD5 71dae6c6601bd4049a270f21f6fec638
SHA1 d9e96a8f357eb55079d4164a8b30953d2b8d6935
SHA256 d0e35e074350ca05c0552975bc88383dd107ddca3dc17cf7f174bc588564a4fd
SHA512 c76911ddf4b0bfd5175669838023f96dab94fe02cfbf80c503bc28065990ed9e5ac2b49f7f5646d0ca988929be2729385d738cdd11f2a0f74afbb7b69199b272

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1cbdb01f386c037bd8ee162316ec6c97
SHA1 e1cb57a564983e633bd43ec25aea17ca2bb221d8
SHA256 989944aec9a928fe1d2bee8f5ec2c507acdbc4600cfb83bd4910c5d19fd79f05
SHA512 3bfcf2b226aa3a551d7d5a83ef0d943e9fc052bd5cc1fb2882619e70af2db86442ad2c1913c003794558e8b2b4c2dc275abb5fce52fbf29c54d289b6291b14b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1903fccdb831f2c63b44a1e75e6ee038
SHA1 6afcb52a0bdd9c128070f86b62bdf8375dee1a39
SHA256 b72dc65cff6f14ed5e9fbd61e34d0f7574e0b2e79f9d37d7d1c90a146059abe5
SHA512 1be44e600485aa852060660d7a9688e5f03cd8253e408bcc12c0fe3eaf61f066bef39f93809a37c15cb9ec397122fe54739227388f8ec861e880cc6bb6585075

C:\Users\Admin\Downloads\1222140.zip

MD5 f98fca1058a717e5c6b10af4ca2d2082
SHA1 8788f80a55bc81131d24bf1422db581444f787fe
SHA256 e2028cd17c948cb33dae90f7728854401fdf158c0a09fb66c5e894f33dc4d365
SHA512 f69119598d0ae7156f2e67cfe076ec09c0c0cdf7210658e3c8d79d0f0af724be855a93635d56da2366195f03eaeb736de8db76b4650c3efedb54ddc67ba45773

C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

MD5 577b7286c7b05cecde9bea0a0d39740e
SHA1 144d97afe83738177a2dbe43994f14ec11e44b53
SHA256 983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA512 8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

MD5 00bf35778a90f9dfa68ce0d1a032d9b5
SHA1 de6a3d102de9a186e1585be14b49390dcb9605d6
SHA256 cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2
SHA512 342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

MD5 836dd6b25a8902af48cd52738b675e4b
SHA1 449347c06a872bedf311046bca8d316bfba3830b
SHA256 6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64
SHA512 6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fa3a6a692184b54b737a7d62fd4c0bcb
SHA1 faa6857f4ee8195a414cd6f0113ef978374d0f62
SHA256 0e954bd72817ba6c04ce13c162cb5cc25571b289330eb49ce6639576212fc725
SHA512 855b064b006a119ac85a999bb0095bfb7abf0d6a9450c4148958f7ce1c3667236c8a3b5bc8e8d0779ac8b5285950fe211d2fc8915682a22e4a24785fd80f6ae0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 88fb494b7366f7e1fdce1941677d9d75
SHA1 61f1ace94b135267c5f717e6b317bb479f2094cf
SHA256 7737cb961e552eb4a9e5ef1b73fe14043dbe0f4f63fdca28fe1bcc657b43e041
SHA512 3a9437d97f0e97f063d1e2cc8f446f554dd5c498cbfc1ba986002583193dc34336aff773a469fe87034dd3ee68580f67e6c856f3a13d9d617d6140c2c2ee3ca6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 35209342f768fa2d38d17938e1b0b61e
SHA1 7fdcd3afbdd2abece88867eeeb0d29e8f9b57198
SHA256 7eec1733f7beb5f17eb35b843974e82c69fd8409f6f43e0fc79d799f288e88fb
SHA512 1b9ee166342501cad98e8432f160ad06e2da0a4bcc8d14e868adaefb6a53dcb24d063b61e21dbc9ede5cd7bf80ce2bc48c47ddcba835114ee1f22c4fc4d603e8

memory/1344-13602-0x0000000000550000-0x0000000000A02000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\wasm\index-dir\temp-index

MD5 14d9e7bcd397a3393d982542a304f077
SHA1 ce4bb1821b9b872bd640d9f73c2b9975adaf7148
SHA256 7f2b0777bae4bd60059abe918573ffcbd9f27be2c5fccb62209467d119edbc6e
SHA512 6e0e0e6fa4e0030eae2413be27d9300bf8aedc631b429bd1f214d63f7bf95dd7f524642376b2f17b89f513f62a1f988b0340fb5c51137c6fe667a42783ab7290

memory/17824-13652-0x00007FFF08C20000-0x00007FFF08C21000-memory.dmp

memory/17824-13653-0x00007FFF08EB0000-0x00007FFF08EB1000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Steam\htmlcache\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Program Files (x86)\Steam\config\config.vdf

MD5 6e6a2b18264504cc084caa3ad0bfc6ae
SHA1 b177d719bd3c1bc547d5c97937a584b8b7d57196
SHA256 f3847b5e4a40d9cf76df35398bb555117dfe3626c00a91f2babdedb619d6ad53
SHA512 74199ff275400b451642cde0a13b56709735676959d65da11ac76dd645ab11dac5de048ff7ede0cb8adb3a3056b3ecbeb3dc7481bac3768d02051e564c74b679

C:\Program Files (x86)\Steam\config\config.vdf~RFe5c5471.TMP

MD5 3cdebc58a05cdd75f14e64fb0d971370
SHA1 edf2d4a8a5fc017e29bf9fb218db7dd8b2be84fe
SHA256 661f122934bbc692266940a1fe2e5e51d4d460efb29d75695b8d5241c6e11da7
SHA512 289c40fae5ec1d3dd8b5b00dd93cf9cada2cb5c12bcfefea8c862ddf0a16dced15d6814dad771af9103b3a5d3016d301ee40058edde3fdea30d9767146d11cd6

C:\Program Files (x86)\Steam\config\config.vdf

MD5 a2ec2e91c3ef8c42e22c4887d032b333
SHA1 e2c738a2e9400535b74e2263c7e7d1ecefe575f2
SHA256 8f9f970835f133258a7f740126012439385bbaa5a1d6a9d0d967a390977441c3
SHA512 b069d241efb19e09ec8b5e60ef6c43e00d5cc0f774b9340127c2180356dd1964ac625c1afdfaee5f99e72b26f56046fc329aadbbc365b403af765a55e9c9aab3

memory/16952-13757-0x000000006E660000-0x000000006F9A0000-memory.dmp

C:\Program Files (x86)\Steam\config\config.vdf

MD5 2d2bdd4f294831d80bd53d05f461a618
SHA1 2c65f2c57d22eaf68fd97b18bf5a7ed13dae7a68
SHA256 f4756a75893904012692f95d54d2149a6f89cfcca165e52d8e04e2a19fa72708
SHA512 fa0fa634dd7011477eff3e10639ac8f2cbcffac6741b833c71c15d254480efa7e223951059aebaf44f23f637853a65174add9583ec67916891c8faaed091792d

memory/17824-13786-0x000002207F470000-0x000002207F4A1000-memory.dmp

memory/17752-13788-0x0000022384B60000-0x0000022384B91000-memory.dmp

memory/17752-13787-0x0000022384A80000-0x0000022384B56000-memory.dmp

memory/17824-13785-0x000002207F390000-0x000002207F466000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 da27ccc0ec13e109a195a432c60d2eef
SHA1 0466bac582f86d667437b9cefc3aa31cb69fe576
SHA256 7bf3041639e2292e871c63b599b0162a206096ef45021417917eccdca43ac1e4
SHA512 fc82bc70efcb2b829aa74d90f94751e865cdb8d16fcbb4cfdc0ab82fa53baf0f9e479ab09ae0e77e8731ce718ac6272abf81e662784b4f61943d961be06e96d3

memory/16952-13809-0x000000006E660000-0x000000006F9A0000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 c228c0ade59055a7e6d142a3f5e37cfe
SHA1 3605018a095a8d4c9d5623d92a3876224d139b85
SHA256 13738509830ffe88aa75265b93c447d67e519b7654c5bb7e8cf9f26804005b4a
SHA512 467ceca95ce16c65babf049b824883a4a6b692b34c2b9606df4e25377c1718d9c90734843e9a21481148ff630ba6eb927bc8136e1692649ef8f0680d4218cb78

memory/16952-13823-0x000000006E660000-0x000000006F9A0000-memory.dmp

memory/16952-13828-0x000000006E660000-0x000000006F9A0000-memory.dmp

memory/16952-13833-0x000000006E660000-0x000000006F9A0000-memory.dmp

memory/16952-13839-0x000000006E660000-0x000000006F9A0000-memory.dmp

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf~RFe5d4ebf.TMP

MD5 7ce96f31457ea509bd34623cc6815361
SHA1 48fa93bf3c79542aad5714b9253d52a8fdfce041
SHA256 d90fd4c944b773fb2739354c035c3b4348c966728a3dd4d3d0ff005fb5c0acc1
SHA512 7bb87bf013a2508b275650db8e21ced145f5b74c9def3b500ed9e91799bc22e82f411c93837aca0f19ea80ac0f7080be66e117e47b4933a2c40a47f6ceed1152

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 9dad73171a9369ba8a710e2f933477a7
SHA1 73bebbe42fa7e4f505da114b11063ee00db1f0fe
SHA256 e52041ca579b5135a54893d37eb3bd6cbaab63247e1d2e3244d44bea7293b0ff
SHA512 0a0cbc01e6f14760084ab6d4de7b513d45b3461d55d9d949272da0ee2934be8c62fe10eb627b24d0e8265fc7dbaec6940333d84aeebf02726a0ca9710edc22e5

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 09bbfcfb126d42d6c7f663835a568cc9
SHA1 a06bbec7801eec2dcb1c363e32981c2b96c1c107
SHA256 9888ab8d2a8a18084a93d5f82e452d84fe7253fb741c223a33a9c55654a1ade1
SHA512 8da23449d7525ca69f1c182630cbf9aa1ed014e2f0de8fd3e0168efd755b48a6253e134e1f25969dfccc3cc4d513f10471f6ef2a71e8d7c06745deecb20599f4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 559a87819113c6dc5b3d1b336d010d90
SHA1 783d0e869fff58f957b3a2d8568529c9ebec8b6e
SHA256 f84bf667dc16eba7aa9601a2d030105dd6238ac18724a9d8df1870eb784e7cf9
SHA512 e13e8b79e245179deabd07abef47e98631ca4bdae9ba0f9f32b2b849f1b65323bb9e2d8393b8271af55d16aa8b3d67a8b0225d2db22d3ac27e4eeb1414ab6132

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 f4ba17d0f11f23d465e46b1fc0a4603c
SHA1 0eedc121f61811bbb178d651fcda0de3a2fcd8cf
SHA256 0cefef5b042d6b099fa42ada99271ce2b088918b420a41741c0e5093293008f9
SHA512 6585806fbf9f4f77bcc6cce3431b44d91de260f03507748b49e8e1beffdf0269f77d77c1c0621020016907adba4ccd2560227c96b7ba1d554bf7f5ddbee18c26

memory/16952-13919-0x000000006E660000-0x000000006F9A0000-memory.dmp

C:\Program Files (x86)\Steam\userdata\1214517055\7\remote\sharedconfig.vdf

MD5 fa1befbc47f05f7067043849df33b888
SHA1 9052de89c1a2f0deb5a36330b2722d16ade52ccb
SHA256 daa3fa3ec27ccfd56539149180a99f570cd306f584884ee1c962a6f6f4df8368
SHA512 dabca2f5b8fe8a67412df26efbf5840d3c7c5e069532904677f389b19e18e32356b12a59522d99520c868d7af00afb651dbb0e75de44cd8664dcb0a58d31482f

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

MD5 602c49f9246967bdcff45b4f43cf2fb0
SHA1 4c5796e0c724bbd7a9244cc8a0fc9e8f40181f2d
SHA256 a3ad9649c1038078038be1abd591cdba73b4b4f5cf30e11bb6cb7a432b746114
SHA512 2f273c0dd0127071f4c768cfe7277c6efff84c1ef4f4271c1326db3658c84261794b106af3198717f349fbaaaf276163700bbb50ae20fe52ed0a88a192d46f77

C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5d5d17.TMP

MD5 68b20851ccb9834d21fb32615e42bd43
SHA1 88fab935f0b9484994097c08f785e9ecb7d68127
SHA256 a954b528dd65ad6c4c2091fa32f17abdb7a49454ce88e10bb6c377734c70c26f
SHA512 dcb0771120c8fe35213d60e9abf4b242af807324759e3c99e9b2569c00a941d885d53ef6fadfe69e6b740e0b52a6008602605d643801190a2d29175a7d065e15

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 d29f32762d702e5d164440a185c733c2
SHA1 3c757ba7958fcfdc1cd3a9c90e168d5199fd3bec
SHA256 620aeb8617859e8e10b38ccd2112ddae2dd10f153d0780bf5e3f117831a7ad13
SHA512 783d4bec52225adbd2fc87ee4e7d4afd16a9b537748a252dc8e9da0559b867b645b2eb11f7d3efbc9c1e6d7db10d163c130acf4ac9c28fb85ae45c2f6fb41058

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 c95ecb4bc0c48676a5d4c0096a7ff02e
SHA1 6d919cddd2617f10930847d57bc51376b3e0d28b
SHA256 fd4e9192de6699cbb976d5c69dfd8140a3735ddec68f21fc6ddd4a2c726c686e
SHA512 9e6362abb458f8f57932f6aecf96968298a6c5136e09e82c69142e1a277c0c40144f00bc71783d99c07b5e3502c2d99a368d791505cbd95aa840ed49682284d4

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 067c035bd59e201dd92b384667e07641
SHA1 68561e24fdf4a04a16021f4bc4f8a3850cacc279
SHA256 f36f7335acb3b3787024285691e02cd0d18f0ab865cc550f4027de7f5484739b
SHA512 6e876300842d3995d9cd1d37efdde4d39c46b4aa29a3f6846e80b63e5158e71c4987bdf739d2273743ac683b25e9137de7a2770df722200921c1facadbbe4acd

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 7359475ba88191eca5cde48b968002ea
SHA1 5c0de56f262cbb68b67b831454484e20a817a6ad
SHA256 4358370e3826f2ddc4d20ef015ba67c61a245e6f635c5dd58a5df329da74a5fc
SHA512 0e593b9373d3cbd28874061efe3f085779276b23833541915a0366fa1a80b10b3e630c46a4947e056d2288a642b94091fb0a79965a23517d1c32b57c3521118e

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5d6091.TMP

MD5 1e70e17e8b935c6bbabbe3359f9089cc
SHA1 2dc42f2475db6de1388c19d8390782b3a2b89ff3
SHA256 d6e8628e721c5ab43f74aab4b8f27e64cd3bec555d83295d50553b0c3965d179
SHA512 c7ea40423f0195c868757691fce785cd62517c66c7214b23949106135b4067111fba2858637fb3cd439e1ad36ca24760c67173df758854e25b68c7e68c6e19b0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 6c718afd9616eb43480ddf85d94fb1aa
SHA1 a368831e0194d695ffbf3c2364459ac27016c5a1
SHA256 46fbaeaf4d931c0198811b3ea1c262e1ff4dd0bcf79aee268285dde986829d35
SHA512 ad8c2cc99fbe8c6d009765db443ee3505dde3be2be4983cb41b8b03a1bc9a0f409a8cab92b3b744b40aa60a2e18ae1174827be6b5bf6b686aedee86ed2674177

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 39e95217198a6e16407b9f9b3fad7334
SHA1 fcdc4e74a349a066491ddfded8bd7b87bdc45244
SHA256 b500f8dd51943d797dc263000300d54f6fee088aaa96f535d7c684cbbcc393b9
SHA512 e27753111c51e45d90d7f7ac936ed99daf028affc7ce37a1e8d3ec91be907cd514fb8b70241b692fb100302e9c8780991ebe48b7ef0a2f3ca82d351a0d3b89c8

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 fc096a804a04e219eed472554a228b37
SHA1 e3409517dd7cb190f004d3b5ea3287c29f708902
SHA256 aab7f86ad27e4e326cd5f936f0019c51089fb4729a413fef63ad312ca348e52b
SHA512 a51a40cf3f63060a097780d92370eabec10cc7d06399bef5381b0a47ef6aed463b2acfb0cc7611568dfdeb8be50a6f582f10f7bc51a63929559366bf113aa3bb

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5d670a.TMP

MD5 fc94d83f5844bd01f74a6ab461f8c708
SHA1 7b6eeca615d30558a58a0fe4ce899a93454fe52e
SHA256 55fc8aa56d546524bb5c73976e313944473ab93d5605a6e1bb3c20608716f9de
SHA512 15dc08c23ce21aa21c4ce8e5c32314258e8a61a30b4714efe50dc5cdf6550772ce6a16effd10416c52548a30f6e39d9b80b07123ea70c7d51b95d0f6bcc8cc48

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 9500e8068972ff90bb8d774855a0bc1f
SHA1 27d998fa2f52cf8c0d9c0234ed66eab7cd06f365
SHA256 27df474c8f9f2b7b1f3471539bde296fe5153e31d982df90192546445a81ff52
SHA512 4466b4827cf5b1f692794366c2bb68ff019f8c29411c24f489c4aee6be489c7a7596b20a81bc0e9917f3cbad17a304d7106664f366bd22c8576e44330770e857

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 66c0c0cf1b264c3e979e896a4c8ac14f
SHA1 fb0cfa848e7d2c97907f730878b08cbb6b5819f2
SHA256 fb3bbee3b6522b100ca216b682941d41bfcf27b6b482a3ae931ee482b249f453
SHA512 162fc44bc305ff671ce14982c6a5a23b9e844b56c729db081a8c5d3e96bdc9c69d308589d3671700fcf6b2716b98a6be4247fdfc8bdb09f73517be4a28e053d3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 c978e8a5d696e0d931ce05aaab328878
SHA1 9b56e712aadf8584427f10f2a38b60d9489ba5c7
SHA256 4c9674de4267d2a8387ce438796f7483db19695aa1df62e98937e0ea00b1bb20
SHA512 c435f8ca82bc99d18e3d11673a225d91fe1db2e6b157559214b26b0cdfcd5d5c4af4df3e540b3292fb0c57451e9f3118aa55e8969472e95cbd8b462255bb71a1

C:\Program Files (x86)\Steam\userdata\1214517055\7\remote\sharedconfig.vdf

MD5 2a81a729a8603ac5c4f0011543d689b8
SHA1 e15d0f21effd43a485cc64b663885a03743d7eba
SHA256 046124f01dc65f5f9e1de97c0674cc35c3fe05be9620afba1f14d1bdcb06c2fb
SHA512 49ef3ec8091bc1f01e10aaecb156ca8ed49053dfe7c655c8b39ddbf0257a00f8e48037696be26178b22fec64575f2fd7b7bc0eb2677bc3f8e121256bebc6637f

memory/5576-14189-0x000001E53F600000-0x000001E53F6D6000-memory.dmp

memory/5576-14190-0x000001E53F6E0000-0x000001E53F711000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 55ac4b73be4ee1bcc2419fed4ba40a42
SHA1 77ef7a8f3dcea770d5b7a45d1ae85cc2da467250
SHA256 be488bfa49ba029215d4328dcf97de3a5b06ec0d082f5ba54327050349c52970
SHA512 b6711e6f9a1a1ded12d6f4a8f41c24f43a8ba408fb6f43c353e99027ae9d8ab6f14a5736be35bddcc5f1f4c6688f17be56a34c87987ad64319b30cf1001139b1

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5d7cc4.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Dictionaries\en-US-10-1.bdic

MD5 4604e676a0a7d18770853919e24ec465
SHA1 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f
SHA256 a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100
SHA512 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

memory/16952-14204-0x000000006E660000-0x000000006F9A0000-memory.dmp

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 838f0dc6a42cbae7647def3b16b7f8cf
SHA1 82f75511a0d4f4154d8ce054b363996eb4ceffa5
SHA256 705b992824e53171a40fb8bcdd744d954fff8d8628ab020d2a52459756655a6a
SHA512 ce2a09fb18053659afccf05125e61c2f056a831a18f6e9616c2b2287c910878c8d2968342d8e3bd1146b8121e655e4ad9776ed445d5a64b29499edf425d8290e

memory/4828-14284-0x000002D54E6D0000-0x000002D54E701000-memory.dmp

memory/4828-14283-0x000002D54E800000-0x000002D54E8D6000-memory.dmp

memory/16952-14288-0x000000006E660000-0x000000006F9A0000-memory.dmp

C:\Program Files (x86)\Steam\config\stUI\Steamtools.exe

MD5 1a475aa5000d3958df447de17e0dc14b
SHA1 8a45a8a2b38a524633a99abc7994aa0ac46c03ce
SHA256 1208c4d240918ab0b4767bc6a5c0cbe83ee7f21408fb0c5ea68769ebea759b3e
SHA512 e86be352a5732d18db772f3fc80a70ebb223d68148057663ed18aab5c2221fe6d1cb48d4f4e22940419e9144aeacdc03ea05739352f86aed7ce967afd7e80911

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 8c5d484c24a3d8e13019f33a4f41d472
SHA1 f4f153de35658ef9e91b584d7a7da33990729bf4
SHA256 d3c2a82984f49bc58efdf011159d4da2f6cc8a14b7dfb022c7116ec12f4e7e19
SHA512 a17501df212259145f561eefa40a5ea4950b6800510e5604e4b0bb79b4f2094cb2c8e1108f372efbac14b99e6666b502596b0dc73c5cba868dc64353d0f19a9c

C:\Program Files (x86)\Steam\appcache\librarycache\1161040_icon.jpg

MD5 7ecdaf8a54ec52b20640a88527512903
SHA1 3133a4d748ad3be61fe9db759339cd5de73339b5
SHA256 7bd8b75aec0a4d4a377f3ca3a023fd8b7c5fc7dc6a2a66d17f8cdfe5b731ab0c
SHA512 60ae2031eed0c38264f0d8db22a9b6efeb3f80c791e916e15a1730853162d56e0da014dbd93a5479bae4f3bdd5705ca89be70c90574a524abd1c276ed5c55a2d

memory/16952-14397-0x000000006E660000-0x000000006F9A0000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping16896_132340909\manifest.json

MD5 2ff237adbc218a4934a8b361bcd3428e
SHA1 efad279269d9372dcf9c65b8527792e2e9e6ca7d
SHA256 25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827
SHA512 bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping16896_132340909\LICENSE

MD5 f6719687bed7403612eaed0b191eb4a9
SHA1 dd03919750e45507743bd089a659e8efcefa7af1
SHA256 afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512 dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

MD5 d1c4357c2a3d8e1c0938c6058e7ad429
SHA1 b58728c436cc228c341949e284dafb7dbb3a3f90
SHA256 500c3287d8c972f93cfdae7f81c414c26be0f69487fa4cccab337771d1591bdc
SHA512 be0e999a9749236454cb5ecceed5a2ba9dd46f61cd9884352c35e676b3416e05d1b21fa646e8db870c2371cd54a30d069600240d5bdbff333bbdfe69f316d51e

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 670e408614e9cf695a42e86bab71cdd5
SHA1 668e135247f7f4a93766095a7d9549598cbcea9b
SHA256 5d495dc927dbe777314339d53911339b3c2f379c298f9713f7c687d2e10a6941
SHA512 c02f4ad4082d0608db4043c1bcabf1d012f554c2ee6aebac0b447a2328140c145e87d1869b8feb68370df30688cd8db9d0219244b563218eac44346a84cef453

C:\Program Files (x86)\Steam\logs\cef_log.txt

MD5 b231a64a898ef7a14f9bbdf993e147aa
SHA1 da95861b4c72ea22a7176aa02ba0f78baba37699
SHA256 9d58c9b6da8f645c8da731439218094ca7557e64ae01e06fedd1ba0177f135b6
SHA512 63e6fcd4840a5111b6f1b8da3612b64ce95bd02ed289b153901f8a3a2265757553c1841e494732346da98dfbce76d0a2449e0c210cc7437c2a2d485e88ef72f9

C:\Program Files (x86)\Steam\bin\diversion.dll

MD5 fb59f7262848e6c9413d76494d88e1c0
SHA1 9fcb582deb9e69b8b8f36522a859d206633010cd
SHA256 32dda887447b7b5fe74d7745cb6c2d28c677ba479435b4e4bdd8b7ac36379866
SHA512 1d2960b7549d4ce63041dd8e20f73a860d8ba32d7a70671a9ded5d539d364a68c621c6f95fe3c00b586cc2ec397d25211f832b5a72414d70c08b6cf6bf644776

C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf

MD5 d24a25a518956641a8603eac1c5a16d1
SHA1 1475d4e12dba46f55f22924e7230575a85e147c4
SHA256 54e1a2f71299960baac3be025d7247c3e0d0e64832151dc549aad1722f4dc83d
SHA512 33748b7b1b1ace7290d3bb9c5b9310e6c50a64d39c8a0acf0f7478acd09c456c3718f6c1b0f8bbafcf6ef6d0bf12d6f0b4f44e516b10339823f7e8f0f7cbd2dd

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\a3284f4b-90ea-4a0b-81ae-1d9636bf8e60.tmp

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 8851259a3f7165027420868e1e2bd9a2
SHA1 5e5dc5384ceadec946bb21e4da606498c0f28886
SHA256 b51d9edb787adb212eec01833574ca96a559f0dc66efecd1bcc76eb68785a107
SHA512 6564fd0a736e9665ff089c38c6c71675fe8b967413b1a566ff881b592ace42f2be4a1bc3c1d53b34cb3ff00822b3f55de74f790cc2c2dc0167ea6205163fe92d

C:\Program Files (x86)\Steam\userdata\1214517055\config\licensecache.async9036.tmp

MD5 ad0cf131f633ed40c27d118f0a7c8db6
SHA1 91d3d0a6203ad8c444b4b7b4b46d2da537b99f2f
SHA256 febcbcc4a17ac6c24b78716b005cbbc40a38bca2207c7b231c7a653198dfdb39
SHA512 4115cdb30707540a66ccaec09d15415fd87400570fafd112d2b9ad741cb475cf612aeb14d24c86cf58f00d3782546b9682e2c3a9bea525abd1b3195f9ff07801

C:\Program Files (x86)\Steam\config\config.vdf

MD5 b8cac8d66fc636852620ef83cd4c4d25
SHA1 0327cbd643c4f14cf8cbe667cd55fe6e13ea1872
SHA256 a26d829727b889e0dad0fc0af4297886d40f3d738ae0f30e4b136bc5867b853e
SHA512 4b200ebb5f260451b18b8449e226ed65ab6fb31830a131d45faaf758834eaaf01b3d3c5efdd63febd866048e979aba0481ed62610d887ff90341e28eb8287ae2

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 cacd26bcb1bd08ba20de5bc67233756f
SHA1 eaaba5d5b99779affe872c7306f027b7371cbff2
SHA256 54c82ef09f4bd8221a66da23c22d4d08a2782b562da40584bdb19a6a0b1dc351
SHA512 3e387b636f2de66a4d63775dc6673e3e32adc5be0a8a4391d124656c852e9a5c558592e88a4eac7ec4227c43383ab981891a19e640fb51beb39ee3338d8eb0ec

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 5592deabf2d8216c9a7a305ca1879c6f
SHA1 e1123a8ace4f06616afe0a489780a6510f8464bd
SHA256 caede2596c52ad15535df6a827f5a2d1f9cfca6e42d7b153ec2c31e12348724e
SHA512 565d1099fca00eebdc03a41e522f010a62f836b45192adc6b7f63e55e3e79d78ec899aaedbd2bfafedaf72cd95a59f0d52281aff1c458e4cbb51eda46575624f

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 66da644087e4079e448b23a352f89812
SHA1 9d11cfd4c4cd4033f1971c2d41cf627a3c60a8a9
SHA256 a72c0d4a0a4825a78fe6765800e2edcc1bad3f89c01ee2b571ce3185577b8db8
SHA512 262dc5851d06fbdf76492705822d978b00d774c482fc373ed5beb61a5bb3ec913a2bbe5eeb8a2806bb3e1240772a3b8a18cf9214189b13eae269446ad7529f47

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached_timestamp.txt

MD5 9283e8f3984c6c7b87d772f36721a0ad
SHA1 864f9fa32988fb72d919de12b93e7f56942849e8
SHA256 9d8d4f60565654379c5096e62b0930fc9e87cf49259d31af0a9034fb790a7d50
SHA512 9858a8ae89a520eb5ba0126fef080539d7b849498243b1b30f72b915b3b12a48e13712eba8f87e2939630ee44b8c55f894092e38390e6094b756422a784de087

C:\Program Files (x86)\Steam\resource\filter_profanity_english_cached.txt

MD5 0b8f38d6f219adb6af9a46e34c8b55c5
SHA1 abfb7eea3e2073ef536ef4c020b79dce54028174
SHA256 c6cced2a542c64817209699a48ba5c17f32ad47a5bb799d395d707f665378de8
SHA512 4a4dcd5efb3433f23848b7bcc18a430f05107985e48f280874f0058eac863b3ddac9f849ab55271f619c026a6282387f553f1ec25e16eba7cb68c850f314beea

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached_timestamp.txt

MD5 3dbfab45dc5699ad008586e555592bfe
SHA1 75481ecccc3cbe1e04dd6bcb215f8a76907a9e08
SHA256 a668b4e84f298c8b29bef63db15421084a41f7eff163e7812f6a06efe1f706ab
SHA512 2fffabae1674d33d9199f47864b5eb42031ee47ed5bfae4ea57d986fb586572d8d6dd15a567c761e00788ed912e1d58bf3256df3fd73bc117acccfc0a0135a41

C:\Program Files (x86)\Steam\resource\filter_banned_english_cached.txt

MD5 009ca439b8e68dbdb83850d51b07c736
SHA1 b8dd1986d15aef3dcba09c954577c780b549c582
SHA256 4bfbbfd0114ee78d7795835c64aae6dc6b525547748c5dd1150d7d1ff8757c43
SHA512 25e90b8b737b30879ec9073457cc7b30bdc46ed71b8885ce14f9c1946476d65c6bbdd0ddc19bb09c406cd9439837aec5c8ad007dbb5a4378842e1634429b093e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 ab2b912889b3469f5ee5ec59d79ad79b
SHA1 e18d1328a143a75f558e4e173f5475beb42b5280
SHA256 d4dfe2b214bb1ad34b5e4771bd7fdb918725f3b173254ac768070389aa63f3ab
SHA512 11333e9c57ed56fd5e95f2dd2797431c06359edb474f492a5634e71c3a803fc7bc2668314cd5822fb98d2dd68d73b0a5cc1baa031b23a6ceae448d223edd1ec0

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000005

MD5 8f661b8c2dc08d06a2992b1006fbf95d
SHA1 51f7614ee218ca027670a3bb0d7cfe1f23869602
SHA256 8bb39a6f700638d352b26ee0cb86fe5fd1127397dbc18d50a5bf37eb9ef6519a
SHA512 80789cf71769f1c03910535c610c942aa4be684433bcdff360ba309a6c15b3878920a49d1d1303c322de64f200b8e5d316b428b66668d51f9ddffaac0aa5f80f

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000006

MD5 944531387ce01bdf7ad736937b9b13b6
SHA1 df6268ebe74638714887588a1f43506b915e717b
SHA256 d6c997210287cecf290cc7c5cc99c13a46d874786d1747cace5f00713069e2a7
SHA512 25cbff327f7af6013476a5453847a5f0a4354a8efe773a4f7f8e29c4b8c12ba8105ed344109cf0a83ee6fe986468c2318b212d2eddc1dc2a6fb4ad9c7f9fc4c2

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000007

MD5 b63db6116a515c8ec16b58bbb1a0db89
SHA1 c8b53c1566bc23bf614f3faf2dd0e2be49aae50b
SHA256 58cf7a378014be774e0348655722edbf63b5470f6a4e84b19bb46e10349189a1
SHA512 b114bbb09dab653809bc63b9b7ce66be04b4baa50fa4ae938b1cafd86eac94b7742ece421fba8c491ad3b95980960acc9d30dc6f0c5e609f1494571583641ab7

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 369755a36ee4720a27050fee970b4d58
SHA1 fe6418070e38e1a64291347c90709d702dbc955f
SHA256 3066e36e54673060f1f49b04f475442d202ea50642da937c70f44a477c2d5408
SHA512 63493baf010cfa5bad1a6eff70c8b41753854d607eba15de44aedf8b28ba9b1ae0da0f77c6d88049c99761b16ec92f5fb00310f01556e6a9cd407f5b6fea18f6

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000010

MD5 38aefef2ea44c17d501cbb38cc0c7e54
SHA1 55dc9404f34f790e42508ea8d74d6ac87c8d6a94
SHA256 29f8a8da900ab06670e7e9c437bd27528ac311b4995d50c702972b29440ab194
SHA512 6cd0e45c109d9ef0e0a3419246af71b9dcca214775116bc5c318df53ab906ca33197d831d0b3c05ba004fd31889a5086454eb6e0ef12e594035d3b89f1d1e157

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000012

MD5 487b3b54635e5e78cb40f06019e3d266
SHA1 5f27d3247d223035162688d39b8ca8921d662c38
SHA256 6ee6a4b5156c04085388db04e54cd35f0b77f68902545cdcbda5367503c0979b
SHA512 64cdd50b84d9cc6a8b39c70bf7c442e11af54401a02fa745d72f0a12fb9e72a64b9f2772bb8a98c489ab18a8d5fb6ff753e6c6922e2fe86117eff2fa63efea77

C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_000013

MD5 757750902210ff3c0d12dee4dc5165c6
SHA1 a3599ca4bd5da9fb9c83e26813ef62327c541566
SHA256 72ff7d67ddc7bd23885cbba07f3889be27b50cb597ba41fd546343416676ba67
SHA512 ef5cb66e561d5f208a872c65b6732bdaa082d421f9815c8a5a439d5e749890e032c2309c1d7ec66d93d1f897941bb5e2c5f860fd9cf8e13adfbf1ab60aeca27b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 efa8f9058a67601a8cfd6392b6bb5466
SHA1 478aa58da86e8b2213fae0c9725245a5952f7e8b
SHA256 cc879160d035de0e02be2ac4b5cd97e41c46c9fdc14cfe00469386f55baaf194
SHA512 f355934fb4ca0068ceb0c27c45eb3a33637b4ada89dd27bc768373b3b5203ec561abce6749f5f8ea94461d7ab85583f39f1e52d12a76d949d48f62adb6bb7381

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2b3e8f97535c2e29d3f9d028a2fe12db
SHA1 a9f620ac92437d0ffbc75e0f3426ffc648c4edfa
SHA256 e040d5ec055127fa8b985eeda6e93ee37f7f69ee52824db49f481350e683ca51
SHA512 7b81ec2690ebf1b1b9c021acb353f3ce1b00597001f55cad48adf18be0e2f74f5c8e2ece5436065dd0af256028916c8d0e05f821b9f370dfa41d850fc2caee6b

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 e63a5c3213f59c7024ee8c54d9e4ebf7
SHA1 6c4911928ca15ccb10a1fe868415d7693a674e40
SHA256 8e144e00bc2d2e1a1ca772127d654845453be23b0f6e1ad1c9dd138e915ca208
SHA512 66478b5a241f4f5a3f60a6e956b52eb511c52bb5436ce78ae6fbe9d3e3d56e5cd5ed1c4b275493d84fea6bad72596761b3dc3d477a7ad22ce100d3d855e8a3c7

C:\Program Files (x86)\Steam\appcache\librarycache\1391110_icon.jpg

MD5 8566b7d265d3299e41928f18d265e801
SHA1 728b074ab0cf913a501f71d6c87108d972dd30c9
SHA256 dc265cedb299f7d0ebf039c2e09bd18e4b581b75da92cb4848f6e2b206c01c4f
SHA512 d6cf8cd1b9428a4b5bbe6073c84433493760f7c3a3df7d0fb70affcbf1970e7dcce9eb849bf26f843b1bd6c042dcd877dc25bd698430bebc65530863168e0d4a

C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

MD5 0bed03405ec46db9d151394d6558110a
SHA1 2de1377b17562b03c7462d593d8bfb9203148496
SHA256 5361180dc68ade2aee114c8cc1e3bec247ce0e9b2d3458fc996a4b8c01c911a2
SHA512 2b420a451e7cf4910433d1699c427bc2db665003648818f786ed2147890cfdeb1a41f337cc9c2fd5649b2bd2104f266102433913060aaaab51dbf388d3f89563

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

MD5 5f573153240f02f20d138f0ccefc2145
SHA1 a45eeb35839d5e6f2cd118dfbd34cb01c2f76d8e
SHA256 f731dc29c16d723fa0224a9362a208e63a817db7360ef281711095531bdccea8
SHA512 8bb90b24d893e11c51339fa818a3c36b21e526949ff50e9e87efd0abcd190ce1aeed8800a8f19efc51e1ac095f1ada2189f223b4d1eb578c1dfbef455feebac9

C:\Program Files (x86)\Steam\logs\cef_log.txt

MD5 fcad4452b8ce1b3bf3266f907e108ced
SHA1 ed168ab9c347c742fb08d6160ade5363623fa358
SHA256 cb59ed63b18f34dda370569671d7eb7e9297a0679060767135dcba258c6e8af1
SHA512 1897adf8c711855d3f42d2ee057944da6b62bfb4ee8897a8870cf038afa700d0b6df6a454c9edb31d6d98eee755faa81d1aaf92b5d6cf2eb80163ac20bb57450

C:\Program Files (x86)\Steam\dumps\settings.dat

MD5 58f98e85e36fdd77393741e72f0ff7c6
SHA1 7bde6a61877bea5249d7c41a3ebf54eaa9c38290
SHA256 33cea85174824a3fe6de400e4980ae569a2ac67c64551a3736ffbb05f301d17b
SHA512 eda19c8966361ad601fd799e8aafa82a489e53ef4b9a35644a6118f18b17c1520414b970871b0d52f61ca288aff8424ce4f4fec44557d348fe5c644fbfa4a814

C:\Program Files (x86)\Steam\userdata\1214517055\7\remotecache.vdf

MD5 f0b500f86360574a1e9b49d0ac699461
SHA1 5621b6661119ce156957478937b22b76d030c413
SHA256 c4872ab01e2e71b33732d25055fabf5ef053f91ea9e773ab89972c1d4187d02b
SHA512 bd76d224754522c6368d2f00b53879351a5e5ceb45607e56d5c1e61c72074cf5c013853b72e2ca554e64c002f634814aa52cf8c5e926cb200a215cd2ec6655f6

C:\Program Files (x86)\Steam\config\config.vdf

MD5 d51e4ac9ef1725785fb5b1f7c155c0fa
SHA1 f9dba2e422849d9a956064b8460c1813f406ae71
SHA256 86e2f029a04f9cb521a60b5a5cac9b592eddc62019b2094c270abd28d5a3bba1
SHA512 6f8de7a1f42cc029ecff0a96968e72a3dd20836234960716ff51d83d1f3531ca36598411eee2e9604163337551252434fd0e2093907947ccc9289ec68c42ff4f

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 29e348db795263aabcb5533b608d3d84
SHA1 17c21523a38095c9cdda96756341ed10bdaffe69
SHA256 750aae583b9d68362e592c591f63bffc15b55c4e0c58980ba8b54b1be2e5a528
SHA512 5dc821b7e37596c8d73354e20e1ef4e3d80e29bc71ac03505941637431374d6d1b1111e5c85e50db4438efe0b7e7aa2e728fd69cb92466fa9d5b02bc328b82fe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 6d41eaee63c97b3626d6a6fd70a77b79
SHA1 5c62e93a0dbcaf0c8463fd28d32af47b853fd694
SHA256 006ca19bdc39a8c9614bf3fd67e87d9259b2f7e8b81a0608a982430e33d15615
SHA512 4d6b895c09aae565f723b2b779b6651c9cbee4066d90e723a7e377d1722cd17ca6150200dea8146d9b59915a7cd7ff0dc2fac0d1299ec83a640b91e9e3b6ec5d

C:\Program Files (x86)\Steam\userdata\1214517055\config\localconfig.vdf

MD5 eb971e13d14f4c2ff6a80c5046310a29
SHA1 3f0507f1b91da73c1f837a0681162d95624462f1
SHA256 950671bff94812dd1f5e8e15253dd88750f4bb1862e9fa0c1fb0f150b611659f
SHA512 7876d796cc7ac000f7fc1e554581db2cce904d8eaea3181ed8aab6202c286d24c436777d9d3695682f363eab2445cd96e769a117a13d090ca652920e0690695b

C:\Program Files (x86)\Steam\appcache\librarycache\635_icon.jpg

MD5 3d325e63058d54d0d29c96f9a92b500f
SHA1 2263391453e3f77856db1078f0f168fb99dd2c51
SHA256 02d01fd6ca74d92044b8e94621ebbefb17294dcd6bb0c824da2f214823497968
SHA512 20ae8d1d06ebb0c17c40ec2dee29f0b7bda83f83fc46c6cfe9a8022727a9e7df70254320ece9f4e3899a568901f376434e2b0055b1177886b9993cd4db5a049f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms

MD5 6d9a6fd8ec09a0e81c502808ad863abc
SHA1 4fa82747d4338867fb07fde77aae85b094662045
SHA256 86a3177ad0ac372ba6fc5294dd3417d3a17ad6f4ec362d4b3e837aaefb42181e
SHA512 97d961fed4a5478febcbd0bbc61da29ad99f7871c6aac72f451a5409b13bdd463331008ed298156509ca4003f4ac9c5f7fc974807d9528b1606eb08301389e32

C:\Program Files (x86)\Steam\appcache\librarycache\730_header.jpg

MD5 5f565e7dee2204792ee3da3c669a1c87
SHA1 c9f6868ac237770c63dce472ccec0c8fc648b9cf
SHA256 3d60645c8fdddc4bfe8a9e55dc1b4650311b2e8220f221908c8ef1cd94f067fa
SHA512 d1f211c877681f2c8b40813f7595b7137c5d6747a6670cc9766f14f923a3e76f8f83734980d2adaf9c1ae7f45ccbb3026f4ad0e04c1289df6101913b89fb8958

C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

MD5 9e01b37da94b5515258bfa5ccd3febeb
SHA1 26cb578888bea0fe199426179d6b4a2f70055ed4
SHA256 8b94859f6bfb818c8687315aeed2febc1631bbc49c9dcf0279b4dec9de1dd74a
SHA512 9b8a234dd26253f7310b1ed6ad5717e9499192dc56d8e53233e8eeb2f37964c35e9ab1aa72a955a229c456f394b5faeb422707b77408777708fcffae460f318b