blackmoon | 0582b53407ec1509be024523fc82ac8a1d528bd670e931542f81dea17e347bc4

Analysis

max time kernel
2700s
max time network
2703s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2023 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d381bb52634f826.exe
Size

285KB
MD5

e72c60640dbe31fce8b08d8190282763
SHA1

476fd543dbb50cd60ea189369cc5014c1b7811d4
SHA256

0582b53407ec1509be024523fc82ac8a1d528bd670e931542f81dea17e347bc4
SHA512

19a40c4ff023a8109bb9b9c5cadd3e5a1b257ecab5c53fe7bb07520f8e8984d6128bad68863b54a23cf1982a2b6e0ae7fedc8375fab4033a7eaf4436f0ee6b92
SSDEEP

6144:LMYVjTqJ0dIS8l2I9FIs5oGHs+xgjhK2BV+L0CNCWiZnDoS:LMYpqMIfTKd+xYBAL0CALDoS

Score

10^/10

blackmoon banker microsoft discovery persistence phishing trojan upx

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/744-134-0x0000000000400000-0x00000000004D8000-memory.dmp	family_blackmoon
behavioral1/memory/744-135-0x0000000000400000-0x00000000004D8000-memory.dmp	family_blackmoon
behavioral1/memory/4108-32394-0x0000000000400000-0x00000000004D8000-memory.dmp	family_blackmoon
behavioral1/memory/6012-32523-0x0000000000400000-0x00000000004D8000-memory.dmp	family_blackmoon

Blocklisted process makes network request 3 IoCs

Processes:

MSIEXEC.EXE

flow pid process

2204 5660 MSIEXEC.EXE
2206 5660 MSIEXEC.EXE
2208 5660 MSIEXEC.EXE
Downloads MZ/PE file

flow	pid	process
2204	5660	MSIEXEC.EXE
2206	5660	MSIEXEC.EXE
2208	5660	MSIEXEC.EXE

Drops file in Drivers directory 6 IoCs

Processes:

Procmon64.exeProcmon64.exeProcmon64.exe

description	ioc	process
File opened for modification	C:\Windows\system32\Drivers\PROCMON24.SYS	Procmon64.exe
File created	C:\Windows\system32\Drivers\PROCMON24.SYS	Procmon64.exe
File opened for modification	C:\Windows\system32\Drivers\PROCMON24.SYS	Procmon64.exe
File created	C:\Windows\system32\Drivers\PROCMON24.SYS	Procmon64.exe
File opened for modification	C:\Windows\system32\Drivers\PROCMON24.SYS	Procmon64.exe
File created	C:\Windows\system32\Drivers\PROCMON24.SYS	Procmon64.exe

Sets service image path in registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Procmon64.exeProcmon64.exeProcmon64.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCMON24\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCMON24.SYS"	Procmon64.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCMON24\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCMON24.SYS"	Procmon64.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCMON24\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCMON24.SYS"	Procmon64.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Program Files (x86)\Steam\winhttp.dll	acprotect

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exeProcmon.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exeProcmon.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exewinrar-x64-622.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Procmon.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Procmon.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	winrar-x64-622.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	steamwebhelper.exe

Executes dropped EXE 64 IoCs

Processes:

SteamSetup.exesteamservice.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamerrorreporter64.exewinrar-x64-622.exeuninstall.exeWinRAR.exeWinRAR.exex32dbg.exesteamwebhelper.exe1d381bb52634f826.exe1d381bb52634f826.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exegldriverquery64.exesteamwebhelper.exegldriverquery.exevulkandriverquery64.exevulkandriverquery.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

pid	process
4124	SteamSetup.exe
4968	steamservice.exe
744	steam.exe
5580	steam.exe
6744	steamwebhelper.exe
5220	steamwebhelper.exe
1816	steamwebhelper.exe
5896	steamwebhelper.exe
1428	gldriverquery64.exe
4928	steamwebhelper.exe
6872	gldriverquery.exe
5584	vulkandriverquery64.exe
7132	vulkandriverquery.exe
5576	steamerrorreporter64.exe
6952	winrar-x64-622.exe
2100	uninstall.exe
1456	WinRAR.exe
7052	WinRAR.exe
1984	x32dbg.exe
2568	steamwebhelper.exe
2020	1d381bb52634f826.exe
4108	1d381bb52634f826.exe
5904	steam.exe
5100	steamwebhelper.exe
5088	steamwebhelper.exe
4984	steamwebhelper.exe
5212	steamwebhelper.exe
5648	gldriverquery64.exe
5168	steamwebhelper.exe
380	gldriverquery.exe
4016	vulkandriverquery64.exe
6016	vulkandriverquery.exe
6508	steamwebhelper.exe
6504	steamwebhelper.exe
5092	steamwebhelper.exe
7148	steam.exe
4976	steamwebhelper.exe
1044	steamwebhelper.exe
6840	steamwebhelper.exe
5632	steamwebhelper.exe
6688	gldriverquery64.exe
6408	steamwebhelper.exe
6232	gldriverquery.exe
4016	vulkandriverquery64.exe
4368	vulkandriverquery.exe
4424	steamwebhelper.exe
5676	steamwebhelper.exe
2828	steamwebhelper.exe
6836	steamwebhelper.exe
5584	steam.exe
5088	steamwebhelper.exe
6836	steamwebhelper.exe
6832	steamwebhelper.exe
6264	steamwebhelper.exe
1356	gldriverquery64.exe
5840	steamwebhelper.exe
6176	gldriverquery.exe
6260	vulkandriverquery64.exe
980	vulkandriverquery.exe
1160	steamwebhelper.exe
6196	steamwebhelper.exe
5784	steamwebhelper.exe
6932	steamwebhelper.exe
1252	steamwebhelper.exe

Loads dropped DLL 64 IoCs

Processes:

SteamSetup.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamerrorreporter64.exex32dbg.exe

pid	process
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
5220	steamwebhelper.exe
5220	steamwebhelper.exe
5220	steamwebhelper.exe
5580	steam.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
1816	steamwebhelper.exe
5580	steam.exe
5896	steamwebhelper.exe
5896	steamwebhelper.exe
5896	steamwebhelper.exe
5580	steam.exe
4928	steamwebhelper.exe
4928	steamwebhelper.exe
4928	steamwebhelper.exe
4928	steamwebhelper.exe
5576	steamerrorreporter64.exe
5576	steamerrorreporter64.exe
3144
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

Processes:

uninstall.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

uninstall.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe

UPX packed file 30 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/744-134-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/744-135-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/2020-21612-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/2020-21641-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/2020-22692-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/4108-22714-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/4108-22748-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/5904-23542-0x0000000075000000-0x0000000075050000-memory.dmp	upx
behavioral1/memory/5904-23751-0x0000000075000000-0x0000000075050000-memory.dmp	upx
behavioral1/memory/5904-24235-0x0000000075000000-0x0000000075050000-memory.dmp	upx
behavioral1/memory/7148-24262-0x0000000074F50000-0x0000000074FA0000-memory.dmp	upx
behavioral1/memory/7148-24467-0x0000000074F50000-0x0000000074FA0000-memory.dmp	upx
C:\Program Files (x86)\Steam\winhttp.dll	upx
behavioral1/memory/5584-24875-0x0000000074F50000-0x0000000074FA0000-memory.dmp	upx
behavioral1/memory/5584-25049-0x0000000074F50000-0x0000000074FA0000-memory.dmp	upx
behavioral1/memory/5584-25266-0x0000000074F50000-0x0000000074FA0000-memory.dmp	upx
behavioral1/memory/4016-25316-0x0000000075010000-0x0000000075060000-memory.dmp	upx
behavioral1/memory/4016-25506-0x0000000075010000-0x0000000075060000-memory.dmp	upx
behavioral1/memory/4016-25569-0x0000000075010000-0x0000000075060000-memory.dmp	upx
behavioral1/memory/2764-25617-0x000000006FD00000-0x000000006FD50000-memory.dmp	upx
behavioral1/memory/2764-25704-0x000000006FD00000-0x000000006FD50000-memory.dmp	upx
behavioral1/memory/5820-29489-0x0000000074FE0000-0x0000000075030000-memory.dmp	upx
behavioral1/memory/5820-29639-0x0000000074FE0000-0x0000000075030000-memory.dmp	upx
behavioral1/memory/5820-29898-0x0000000074FE0000-0x0000000075030000-memory.dmp	upx
behavioral1/memory/2636-31076-0x0000000074FE0000-0x0000000075030000-memory.dmp	upx
behavioral1/memory/2636-31236-0x0000000074FE0000-0x0000000075030000-memory.dmp	upx
behavioral1/memory/4108-32394-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/6012-32411-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/6012-32523-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral1/memory/2636-32544-0x0000000074FE0000-0x0000000075030000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

SteamSetup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	SteamSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

MSIEXEC.EXEmsiexec.exe

description	ioc	process
File opened (read-only)	\??\W:	MSIEXEC.EXE
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\F:	MSIEXEC.EXE
File opened (read-only)	\??\J:	MSIEXEC.EXE
File opened (read-only)	\??\K:	MSIEXEC.EXE
File opened (read-only)	\??\N:	MSIEXEC.EXE
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	MSIEXEC.EXE
File opened (read-only)	\??\U:	MSIEXEC.EXE
File opened (read-only)	\??\H:	MSIEXEC.EXE
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\A:	MSIEXEC.EXE
File opened (read-only)	\??\S:	MSIEXEC.EXE
File opened (read-only)	\??\T:	MSIEXEC.EXE
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	MSIEXEC.EXE
File opened (read-only)	\??\L:	MSIEXEC.EXE
File opened (read-only)	\??\O:	MSIEXEC.EXE
File opened (read-only)	\??\R:	MSIEXEC.EXE
File opened (read-only)	\??\E:	MSIEXEC.EXE
File opened (read-only)	\??\X:	MSIEXEC.EXE
File opened (read-only)	\??\Y:	MSIEXEC.EXE
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\G:	MSIEXEC.EXE
File opened (read-only)	\??\Q:	MSIEXEC.EXE
File opened (read-only)	\??\V:	MSIEXEC.EXE
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	MSIEXEC.EXE
File opened (read-only)	\??\P:	MSIEXEC.EXE
File opened (read-only)	\??\Z:	MSIEXEC.EXE
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Suspicious use of SetThreadContext 64 IoCs

Processes:

x32dbg.exe

description	pid	process	target process
PID 1984 set thread context of 2020	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 2020	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 2020	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe
PID 1984 set thread context of 4108	1984	x32dbg.exe	1d381bb52634f826.exe

Drops file in Program Files directory 64 IoCs

Processes:

msiexec.exesteam.exeSteamSetup.exesteam.exesteam.exesteam.exe

description	ioc	process
File created	C:\Program Files\rohitab.com\API Monitor\API\Interfaces\PropertySystem\IPropertyUI.xml	msiexec.exe
File created	C:\Program Files\rohitab.com\API Monitor\API\Interfaces\WindowsSync\IEnumSyncChanges.xml	msiexec.exe
File created	C:\Program Files\rohitab.com\API Monitor\API\MMF\IMFRemoteProxy.xml	msiexec.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\styles\store\store_setcoupon.css_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_down_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_down_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\layout\overlay_microtxn_authmessagebox.layout_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_rtrackpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lg_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_button_steam_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt	SteamSetup.exe
File created	C:\Program Files\rohitab.com\API Monitor\API\MMF\IMFASFMutualExclusion.xml	msiexec.exe
File created	C:\Program Files\rohitab.com\API Monitor\API\WindowsStore\DeviceAccess\ICreateDeviceAccessAsync.xml	msiexec.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\store\Icon_CheckDefault.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_pirate.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_french.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_polish.txt_	steam.exe
File created	C:\Program Files\rohitab.com\API Monitor\API\Windows\Pdh.xml	msiexec.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_swipe_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\sounds\deck_ui_bumper_end_02.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_090_media_0301.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\libraries\libraries~d653ab458.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\localization\shared_schinese-json.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_r_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_touch.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_lt_click_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\InstallSubConvertApps.res_	steam.exe
File opened for modification	C:\Program Files (x86)\Steam\appcache\httpcache\9b\9b1a5419e59668b25afa1b8291fdf6097c8faadd_da39a3ee5e6b4b0d3255bfef95601890afd80709	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\store\slideshow_glow.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\layout\notification_virtualhere.xml_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_l_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_click_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\Receipt_Server_Timeout_BFS.res_	steam.exe
File created	C:\Program Files\rohitab.com\API Monitor\API\Interfaces\DirectShow\IAMClockSlave.xml	msiexec.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\sounds\ambient\amb_bigfoot_backing_part_03_06.mp3_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0190.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\textinput\drop01.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\layout\library\controller_sourcemode_hotbar.xml_	steam.exe
File created	C:\Program Files\rohitab.com\API Monitor\API\Interfaces\IErrorLog.xml	msiexec.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_stop_over@2x.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_button_view.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sd_r2_half_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_brazilian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_button_minus_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_040_act_0335.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\trackerui_portuguese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_left_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_ltrackpad_ring.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\switchpro_r2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_l_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_outlined_button_square_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\sounds\ambient\amb_bigfoot_backing_part_02_08.mp3_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\controller_support_partial.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_dpad_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\shared_lstick_right_sm.png_	steam.exe
File created	C:\Program Files\rohitab.com\API Monitor\API\Interfaces\Shell\IHandlerInfo.xml	msiexec.exe
File opened for modification	C:\Program Files (x86)\Steam\logs\systemaudiomanager.txt	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\SendGuestPassResultSubPanel.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steam\cached\offline_russian.html_	steam.exe
File created	C:\Program Files (x86)\Steam\logs\steamui_html.txt	steam.exe
File created	C:\Program Files\rohitab.com\API Monitor\API\Interfaces\Direct2D\ID2D1BorderTransform.xml	msiexec.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\layout\library\controller_sourcemode_mousejoystick.xml_	steam.exe

Drops file in Windows directory 19 IoCs

Processes:

msiexec.exe1d381bb52634f826.exe

description	ioc	process
File created	C:\Windows\Installer\SourceHash{13BE68B1-7498-48AB-9D22-AD3AB6532531}	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\{13BE68B1-7498-48AB-9D22-AD3AB6532531}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{13BE68B1-7498-48AB-9D22-AD3AB6532531}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9D75.tmp	msiexec.exe
File created	C:\Windows\gzip.dll	1d381bb52634f826.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7BF1.tmp	msiexec.exe
File created	C:\Windows\Installer\{13BE68B1-7498-48AB-9D22-AD3AB6532531}\apimonitor_x64.exe_7A57C85811F64F36B5D3511C83679942.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{13BE68B1-7498-48AB-9D22-AD3AB6532531}\apimonitor_x64.exe_7A57C85811F64F36B5D3511C83679942.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9D96.tmp	msiexec.exe
File created	C:\Windows\Installer\e6c79ed.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e6c79ed.msi	msiexec.exe
File created	C:\Windows\Installer\e6c79ef.msi	msiexec.exe
File created	C:\Windows\Installer\{13BE68B1-7498-48AB-9D22-AD3AB6532531}\apimonitor_x86.exe_F05706780B6B49ED9A28D61B5BDAAC48.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{13BE68B1-7498-48AB-9D22-AD3AB6532531}\apimonitor_x86.exe_F05706780B6B49ED9A28D61B5BDAAC48.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C21.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7AD7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

steamwebhelper.exesteam.exesteam.exesteamwebhelper.exesteam.exesteam.exesteamwebhelper.exesteam.exesteam.exesteamwebhelper.exesteam.exesteam.exesteamwebhelper.exefirefox.exesteam.exesteamwebhelper.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteam.exesteam.exesteam.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe

Kills process with taskkill 12 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	process
1696	taskkill.exe
5636	taskkill.exe
5756	taskkill.exe
1840	taskkill.exe
4712	taskkill.exe
1360	taskkill.exe
5884	taskkill.exe
3252	taskkill.exe
3380	taskkill.exe
3380	taskkill.exe
532	taskkill.exe
4368	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

WinRAR.exeapimonitor-x86.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\IESettingSync	WinRAR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	WinRAR.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	WinRAR.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	WinRAR.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TypedURLs	apimonitor-x86.exe

Modifies data under HKEY_USERS 16 IoCs

Processes:

msiexec.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exesteamwebhelper.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe
Key created	\REGISTRY\USER\	steamwebhelper.exe

Modifies registry class 64 IoCs

Processes:

x32dbg.exesteam.exeuninstall.exesteam.exesteamservice.exesteamwebhelper.exesteam.exeProcmon64.exesteam.exesteam.exemsiexec.exesteam.exesteam.exesteam.exesteam.exesteam.exesteamwebhelper.exesteam.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	x32dbg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r25\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.001\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r17\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lha\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	x32dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	x32dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\	steamwebhelper.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.uue	uninstall.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.PML\ = "ProcMon.Logfile.1"	Procmon64.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r16\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Rohitab.ApiMonitor.Capture.x86\shell\open\command\ = "C:\\Program Files\\rohitab.com\\API Monitor\\apimonitor-x86.exe \"%1\""	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lzh\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open	uninstall.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Rohitab.ApiMonitor.Capture.x64\DefaultIcon\ = "C:\\Program Files\\rohitab.com\\API Monitor\\apimonitor-x64.exe,1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r23\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steam	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steamlink	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1B86EB318947BA84D922DAA36B355213\API_Monitor_x86	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steam	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	x32dbg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	x32dbg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r12\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0	x32dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\	steamwebhelper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r07\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Rohitab.ApiMonitor.Capture.x64\AppUserModelID = "Rohitab.ApiMonitor.x64"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\steamlink	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.arj	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tar\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Rohitab.ApiMonitor.Capture.x86\shell\open	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steam.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steam.exe

Modifies system certificate store 2 TTPs 21 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

x32dbg.exesteam.exesteamwebhelper.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	x32dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steamwebhelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	x32dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	x32dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	x32dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	x32dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c000000010000000400000000080000040000000100000010000000d5e98140c51869fc462c8975620faa7803000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df11900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	x32dbg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	steam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a50f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	x32dbg.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	x32dbg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	x32dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	x32dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa7803000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	x32dbg.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	steam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	steamwebhelper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	steamwebhelper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	x32dbg.exe

NTFS ADS 6 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\winrar-x64-622.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\snapshot_2023-06-15_13-51.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\ProcessMonitor.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\api-monitor-v2r13-setup-x64.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\tool.rar:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

6884 NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

x32dbg.exe

pid process

1984 x32dbg.exe

pid	process
6884	NOTEPAD.EXE

pid	process
1984	x32dbg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SteamSetup.exesteam.exesteamwebhelper.exesteamerrorreporter64.exe

pid	process
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
4124	SteamSetup.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5896	steamwebhelper.exe
5896	steamwebhelper.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5576	steamerrorreporter64.exe
5576	steamerrorreporter64.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe
5580	steam.exe

Suspicious behavior: GetForegroundWindowSpam 19 IoCs

Processes:

steam.exeWinRAR.exeWinRAR.exex32dbg.exesteam.exesteam.exesteam.exesteam.exesteam.exeWinRAR.exeProcmon64.exeapimonitor-x86.exesteam.exesteam.exesteam.exesteam.exesteam.exesteam.exesteam.exe

pid	process
5580	steam.exe
1456	WinRAR.exe
7052	WinRAR.exe
1984	x32dbg.exe
5904	steam.exe
7148	steam.exe
5584	steam.exe
4016	steam.exe
2764	steam.exe
6252	WinRAR.exe
4524	Procmon64.exe
6996	apimonitor-x86.exe
5124	steam.exe
5820	steam.exe
5844	steam.exe
6020	steam.exe
6544	steam.exe
2636	steam.exe
1348	steam.exe

Suspicious behavior: LoadsDriver 4 IoCs

Processes:

Procmon64.exeProcmon64.exeProcmon64.exe

pid process

672
4524 Procmon64.exe
4068 Procmon64.exe
3800 Procmon64.exe

pid	process
672
4524	Procmon64.exe
4068	Procmon64.exe
3800	Procmon64.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

1d381bb52634f826.exefirefox.exeSteamSetup.exesteamservice.exeuninstall.exex32dbg.exe1d381bb52634f826.exetaskkill.exesteam.exe

description	pid	process
Token: SeDebugPrivilege	744	1d381bb52634f826.exe
Token: SeDebugPrivilege	744	1d381bb52634f826.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	4124	SteamSetup.exe
Token: SeDebugPrivilege	4124	SteamSetup.exe
Token: SeDebugPrivilege	4124	SteamSetup.exe
Token: SeDebugPrivilege	4124	SteamSetup.exe
Token: SeDebugPrivilege	4124	SteamSetup.exe
Token: SeSecurityPrivilege	4968	steamservice.exe
Token: SeSecurityPrivilege	4968	steamservice.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	2100	uninstall.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1984	x32dbg.exe
Token: SeDebugPrivilege	1984	x32dbg.exe
Token: SeDebugPrivilege	1984	x32dbg.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1984	x32dbg.exe
Token: SeDebugPrivilege	1984	x32dbg.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1984	x32dbg.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	1984	x32dbg.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	4108	1d381bb52634f826.exe
Token: SeDebugPrivilege	4108	1d381bb52634f826.exe
Token: SeDebugPrivilege	1304	firefox.exe
Token: SeDebugPrivilege	5884	taskkill.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe
Token: SeDebugPrivilege	5904	steam.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exesteamwebhelper.exeWinRAR.exeWinRAR.exesteamwebhelper.exe

pid	process
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
1456	WinRAR.exe
1456	WinRAR.exe
1456	WinRAR.exe
1456	WinRAR.exe
1456	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
7052	WinRAR.exe
6744	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exesteamwebhelper.exesteamwebhelper.exesteam.exe

pid	process
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
6744	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5100	steamwebhelper.exe
5904	steam.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

firefox.exeSteamSetup.exesteamservice.exesteam.exeOpenWith.exewinrar-x64-622.exeuninstall.exeWinRAR.exex32dbg.exesteam.exesteam.exesteam.exesteam.exesteam.exeProcmon64.exeProcmon64.exeProcmon64.exeapimonitor-x86.exe

pid	process
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
4124	SteamSetup.exe
4968	steamservice.exe
5580	steam.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
6952	winrar-x64-622.exe
6952	winrar-x64-622.exe
6952	winrar-x64-622.exe
2100	uninstall.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1456	WinRAR.exe
1456	WinRAR.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
1984	x32dbg.exe
5904	steam.exe
7148	steam.exe
5584	steam.exe
4016	steam.exe
2764	steam.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
4524	Procmon64.exe
4524	Procmon64.exe
4524	Procmon64.exe
4068	Procmon64.exe
4068	Procmon64.exe
4068	Procmon64.exe
3800	Procmon64.exe
3800	Procmon64.exe
3800	Procmon64.exe
1304	firefox.exe
1304	firefox.exe
1304	firefox.exe
6996	apimonitor-x86.exe
6996	apimonitor-x86.exe
6996	apimonitor-x86.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 2148 wrote to memory of 1304	2148	firefox.exe	firefox.exe
PID 1304 wrote to memory of 2708	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 2708	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 4652	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 1760	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 1760	1304	firefox.exe	firefox.exe
PID 1304 wrote to memory of 1760	1304	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1d381bb52634f826.exe
"C:\Users\Admin\AppData\Local\Temp\1d381bb52634f826.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.0.1688313076\421319121" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5fbba03-33f4-4909-9a07-24b1c25008ab} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 1916 19093a19858 gpu
3⤵
PID:2708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.1.1205817521\1794877421" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a18b761-6a7b-43df-86ee-90377aa86f9e} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 2316 19085a6fb58 socket
3⤵
PID:4652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.2.618356030\1841141980" -childID 1 -isForBrowser -prefsHandle 3248 -prefMapHandle 3264 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ce4bd1b-1f20-486a-b6e7-92e84bd51c98} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 3168 190966f8158 tab
3⤵
PID:1760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.3.2081364998\2068520839" -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3324 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f3a1b97-3c62-4058-8218-ce04ff514a1a} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 3688 19085a64758 tab
3⤵
PID:1552

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.4.175448807\859499452" -childID 3 -isForBrowser -prefsHandle 4100 -prefMapHandle 4092 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eac0f3f4-df5f-4d56-9240-0f5e76e2a7b4} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 4112 19085a62b58 tab
3⤵
PID:4504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.7.2033885077\897886900" -childID 6 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1275efc-9aee-4286-a9d7-a218e671d4a2} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 5352 190991a4858 tab
3⤵
PID:1020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.6.1509110103\642931281" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b23a3574-a7af-4ed3-955e-07acb264b63c} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 5160 190991a3658 tab
3⤵
PID:1344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.5.538545383\1946046625" -childID 4 -isForBrowser -prefsHandle 5036 -prefMapHandle 4916 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c63f429-e847-40db-91d3-990a9a878b85} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 5044 190991a2a58 tab
3⤵
PID:4896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.8.1612680967\1092976461" -childID 7 -isForBrowser -prefsHandle 5144 -prefMapHandle 5776 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce1252b1-52b0-4d75-a6cb-1b710e13077c} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 5772 1909a7c3658 tab
3⤵
PID:972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.9.76219037\1641697305" -childID 8 -isForBrowser -prefsHandle 5128 -prefMapHandle 2792 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {029ad796-64f6-4487-bef8-a48508b5efcd} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 5048 19098d74858 tab
3⤵
PID:4340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.10.185610474\884503291" -parentBuildID 20221007134813 -prefsHandle 3176 -prefMapHandle 4672 -prefsLen 27171 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {777dd2f7-19be-4db2-be5b-e0f5ed9461a5} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 4544 19098d74b58 rdd
3⤵
PID:1724

C:\Users\Admin\Downloads\SteamSetup.exe
"C:\Users\Admin\Downloads\SteamSetup.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4124

C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.11.2034069539\1922007526" -childID 9 -isForBrowser -prefsHandle 5068 -prefMapHandle 7004 -prefsLen 30344 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6255424d-6085-4db8-8f7c-c8e392fe8746} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 6992 19085a68d58 tab
3⤵
PID:5916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.12.2060104743\154354867" -childID 10 -isForBrowser -prefsHandle 7660 -prefMapHandle 7636 -prefsLen 30344 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2fc4308-c911-4dc1-9694-de1c4b45b0ee} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 7868 19099dc4458 tab
3⤵
PID:7112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.13.670989126\1095438646" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6888 -prefMapHandle 7556 -prefsLen 30344 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c5d78d9-23d7-4c0d-9922-048e503cee6d} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 7252 1909c02ea58 utility
3⤵
PID:2300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.14.718256251\355648595" -childID 11 -isForBrowser -prefsHandle 7412 -prefMapHandle 7240 -prefsLen 30344 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdba5454-d297-4f85-b0f5-b68195f92c6d} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 7744 19095b5d258 tab
3⤵
PID:5904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.15.1118467227\1972397826" -childID 12 -isForBrowser -prefsHandle 5140 -prefMapHandle 5576 -prefsLen 30344 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {071f4bfa-38e1-4dca-81ac-b9009e598ed2} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 11872 1909dd2bb58 tab
3⤵
PID:7084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.16.372796027\1593542378" -childID 13 -isForBrowser -prefsHandle 5944 -prefMapHandle 5932 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c9341fe-ad0f-4909-a530-08019abfa919} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 5576 190a21a3058 tab
3⤵
PID:6264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.17.391474634\1996237916" -childID 14 -isForBrowser -prefsHandle 7184 -prefMapHandle 5104 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29b327b6-4629-416c-9fc4-29e12ec56215} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 6664 190a0c44b58 tab
3⤵
PID:5976

C:\Users\Admin\Downloads\winrar-x64-622.exe
"C:\Users\Admin\Downloads\winrar-x64-622.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6952

C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
4⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.19.862425632\1857896470" -childID 16 -isForBrowser -prefsHandle 11596 -prefMapHandle 11592 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd94451a-7fba-4180-a497-1647cbda2906} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 7424 190a32b0c58 tab
3⤵
PID:6484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.18.1418744217\2145739329" -childID 15 -isForBrowser -prefsHandle 7216 -prefMapHandle 7392 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf0465db-fc4f-4e47-babd-08b032fbf15a} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 7280 1909febbb58 tab
3⤵
PID:1424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.20.2134281513\844873943" -childID 17 -isForBrowser -prefsHandle 7624 -prefMapHandle 7828 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2449501c-b8ae-4096-b40d-70c84e7f1c3b} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 7792 1909e5ab158 tab
3⤵
PID:3288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.22.607042428\1649463828" -childID 19 -isForBrowser -prefsHandle 7516 -prefMapHandle 7640 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f603c307-4aa0-424a-b759-d622e499bc5c} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 4568 190a11c1c58 tab
3⤵
PID:1608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.21.1146558728\1647088754" -childID 18 -isForBrowser -prefsHandle 7832 -prefMapHandle 7696 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88aed6ff-c811-4073-917d-8bf768891ce6} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 7408 190a11c0d58 tab
3⤵
PID:6548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.24.466978246\31810477" -childID 21 -isForBrowser -prefsHandle 9044 -prefMapHandle 9040 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b735449-98dd-4bb7-8347-24344daf6b1e} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 9056 190a2ce8258 tab
3⤵
PID:6448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.23.2047777139\1563352058" -childID 20 -isForBrowser -prefsHandle 9032 -prefMapHandle 9028 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f860059d-d976-4d68-bad7-ac6b3f024a14} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 11260 190a37e2a58 tab
3⤵
PID:6328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.25.1444421348\1471088654" -childID 22 -isForBrowser -prefsHandle 8964 -prefMapHandle 8960 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67e96a7b-af37-4753-b67f-22acb4f3eff1} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 9044 190a1a51e58 tab
3⤵
PID:6880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.26.1534785960\1117815292" -childID 23 -isForBrowser -prefsHandle 5892 -prefMapHandle 8832 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae92eec3-09c8-4cb0-91c5-0e69e3a51fc5} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 9044 190a10dbb58 tab
3⤵
PID:6032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.28.1326128049\1461499555" -childID 25 -isForBrowser -prefsHandle 11296 -prefMapHandle 7696 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cd904ea-fd51-47ae-a5cb-d3148a9cc1ed} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 8980 19099923858 tab
3⤵
PID:1576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.27.1415517374\2036856577" -childID 24 -isForBrowser -prefsHandle 11348 -prefMapHandle 11428 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bbfa1f5-f1dd-4e14-b128-3d9c90cac4fd} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 11360 19099898058 tab
3⤵
PID:1352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.29.424796567\247567810" -childID 26 -isForBrowser -prefsHandle 11600 -prefMapHandle 8936 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c52fcf-a4f6-487b-b412-46c0706c1f4b} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 9096 1909ae3e558 tab
3⤵
PID:6360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.30.2010974140\130867948" -childID 27 -isForBrowser -prefsHandle 11548 -prefMapHandle 5412 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eddc5c5c-916a-40a7-a301-119c5a26b8c5} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 11268 1909ae3dc58 tab
3⤵
PID:2748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.31.2083918445\1020169103" -childID 28 -isForBrowser -prefsHandle 11144 -prefMapHandle 6716 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a14e9fb3-6434-49d6-96f4-588fee36fb84} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 7696 1909ae3d958 tab
3⤵
PID:3320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.32.1533133179\1845106377" -childID 29 -isForBrowser -prefsHandle 9128 -prefMapHandle 9104 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c519fc73-1c69-4da6-a177-2176372bf795} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 10820 1909e5ac058 tab
3⤵
PID:5380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.33.1088549154\1851017801" -childID 30 -isForBrowser -prefsHandle 8556 -prefMapHandle 8560 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3ef7e19-ab12-4ac1-ada6-11cfd2c7eef2} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 7600 190952b4e58 tab
3⤵
PID:7160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.35.879009348\1552830968" -childID 32 -isForBrowser -prefsHandle 8660 -prefMapHandle 8672 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba7b3576-b539-46e0-90ba-92ddea7bc46b} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 8648 190a030ed58 tab
3⤵
PID:4792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.34.767289841\1134222986" -childID 31 -isForBrowser -prefsHandle 11812 -prefMapHandle 11480 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a29988b-1e32-4d4a-9fa0-d772dce067ee} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 8600 190a0310b58 tab
3⤵
PID:5464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.37.845103259\1578182528" -childID 34 -isForBrowser -prefsHandle 11640 -prefMapHandle 9220 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {737c43e7-e984-42b9-aba3-215189b3e595} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 11812 190a077d058 tab
3⤵
PID:6640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.36.1712352500\336375705" -childID 33 -isForBrowser -prefsHandle 7388 -prefMapHandle 7280 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9101a715-c3df-4098-aad9-8b7d95edf8c6} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 8692 190a077cd58 tab
3⤵
PID:3616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.38.376326283\1349165149" -childID 35 -isForBrowser -prefsHandle 8468 -prefMapHandle 8472 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {719c130d-4842-46cd-8e9b-64b068a47a67} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 8456 190a21a1e58 tab
3⤵
PID:3136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.39.1242397921\1349551668" -childID 36 -isForBrowser -prefsHandle 8904 -prefMapHandle 8372 -prefsLen 30400 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {192ea5ff-3863-455f-a446-47be48c2fa7a} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 8376 190a2ceaf58 tab
3⤵
PID:6624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.40.57387775\1983097163" -childID 37 -isForBrowser -prefsHandle 4840 -prefMapHandle 9092 -prefsLen 30445 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff3f662a-a932-4ae6-8bf8-04d97fd7a605} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 6960 190a1d83b58 tab
3⤵
PID:4836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.41.1457823429\1357668262" -childID 38 -isForBrowser -prefsHandle 11256 -prefMapHandle 7372 -prefsLen 30445 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a43f410-d394-4085-b480-2c3742962b73} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 5104 190a11b2c58 tab
3⤵
PID:3204

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.42.1196862584\1395441142" -childID 39 -isForBrowser -prefsHandle 5812 -prefMapHandle 3116 -prefsLen 30445 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b5d3cf-8c00-47e1-8409-2856e28fa01a} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 6992 190a32b1558 tab
3⤵
PID:2100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.43.728720928\559636590" -childID 40 -isForBrowser -prefsHandle 8736 -prefMapHandle 6760 -prefsLen 30445 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90affd3a-e06c-438c-a9da-56d7f74cd18d} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 11260 190a3988e58 tab
3⤵
PID:4896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.44.287778650\1683854628" -childID 41 -isForBrowser -prefsHandle 2860 -prefMapHandle 4280 -prefsLen 30445 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b713af-b2d4-4ee2-863d-22733e23ced2} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 5812 190a0c06b58 tab
3⤵
PID:6676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1304.45.1027799909\647134066" -childID 42 -isForBrowser -prefsHandle 9080 -prefMapHandle 8924 -prefsLen 30445 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4c9e75e-77af-480d-b9a1-592924cf6f33} 1304 "\\.\pipe\gecko-crash-server-pipe.1304" 8492 1909ddf3e58 tab
3⤵
PID:6264

C:\Users\Admin\Downloads\api-monitor-v2r13-setup-x64.exe
"C:\Users\Admin\Downloads\api-monitor-v2r13-setup-x64.exe"
3⤵
PID:1892

C:\Windows\SYSTEM32\MSIEXEC.EXE
MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Downloaded Installations\rohitab.com\API Monitor\{73FD7D14-A6B5-4BA7-B683-767EB61043AC}\API Monitor v2 (Alpha).msi" SETUPEXEDIR="C:\Users\Admin\Downloads" SETUPEXENAME="api-monitor-v2r13-setup-x64.exe"
4⤵
- Blocklisted process makes network request
- Enumerates connected drives
PID:5660

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Checks processor information in registry
PID:744

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5580

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5580" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6744

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x36c,0x370,0x374,0x348,0x378,0x7ffac5faf070,0x7ffac5faf080,0x7ffac5faf090
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5220

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1668,9047609216860593413,16833241583348192270,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1696 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1816

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,9047609216860593413,16833241583348192270,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2180 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:5896

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1668,9047609216860593413,16833241583348192270,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2500 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4928

C:\Program Files (x86)\Steam\steamerrorreporter64.exe
C:\Program Files (x86)\Steam\steamerrorreporter64.exe -pid=6744
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5576

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1668,9047609216860593413,16833241583348192270,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2996 /prefetch:2
4⤵
- Executes dropped EXE
PID:2568

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:1428

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
PID:6872

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:5584

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
PID:7132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x514
1⤵
PID:5532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3044

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\tool.rar"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\snapshot_2023-06-15_13-51.zip"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:7052

C:\Users\Admin\Downloads\snapshot_2023-06-15_13-51\release\x32\x32dbg.exe
"C:\Users\Admin\Downloads\snapshot_2023-06-15_13-51\release\x32\x32dbg.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\Desktop\tool\1d381bb52634f826.exe
"C:\Users\Admin\Desktop\tool\1d381bb52634f826.exe"
2⤵
- Executes dropped EXE
PID:2020

C:\Users\Admin\Desktop\tool\1d381bb52634f826.exe
"C:\Users\Admin\Desktop\tool\1d381bb52634f826.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4108

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 5580
3⤵
PID:2684

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 5580
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5884

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:5376

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 5904
3⤵
PID:5188

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 5904
4⤵
- Kills process with taskkill
PID:532

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:4232

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 7148
3⤵
PID:1028

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 7148
4⤵
- Kills process with taskkill
PID:3252

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 7148
3⤵
PID:5796

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 7148
4⤵
- Kills process with taskkill
PID:4368

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:7000

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 5584
3⤵
PID:4512

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 5584
4⤵
- Kills process with taskkill
PID:1696

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:2652

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 4016
3⤵
PID:6592

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 4016
4⤵
- Kills process with taskkill
PID:5636

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:688

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:5084

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 5124
3⤵
PID:6116

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 5124
4⤵
- Kills process with taskkill
PID:3380

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:4452

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 5820
3⤵
PID:5540

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 5820
4⤵
- Kills process with taskkill
PID:5756

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:5284

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 5844
3⤵
PID:3512

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 5844
4⤵
- Kills process with taskkill
PID:1840

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:6140

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 6020
3⤵
PID:5756

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 6020
4⤵
- Kills process with taskkill
PID:4712

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:6336

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 6544
3⤵
PID:6732

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 6544
4⤵
- Kills process with taskkill
PID:3380

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:5828

C:\Users\Admin\Desktop\tool\1d381bb52634f826.exe
"C:\Users\Admin\Desktop\tool\1d381bb52634f826.exe"
2⤵
PID:6012

C:\Windows\SysWOW64\cmd.exe
cmd /c taskkill /f /pid 2636
3⤵
PID:3288

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 2636
4⤵
- Kills process with taskkill
PID:1360

C:\Windows\SysWOW64\explorer.exe
explorer /root,"c:\program files (x86)\steam\steam.exe"
3⤵
PID:4900

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\tool\acc.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6884

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7048

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5904

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5904" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5100

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x370,0x374,0x378,0x340,0x37c,0x7ffac5faf070,0x7ffac5faf080,0x7ffac5faf090
4⤵
- Executes dropped EXE
PID:5088

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1656,1068229429072152186,9445047846348714269,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1664 /prefetch:2
4⤵
- Executes dropped EXE
PID:4984

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1656,1068229429072152186,9445047846348714269,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2200 /prefetch:8
4⤵
- Executes dropped EXE
PID:5212

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1656,1068229429072152186,9445047846348714269,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2488 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:5168

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1656,1068229429072152186,9445047846348714269,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:6508

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1656,1068229429072152186,9445047846348714269,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3672 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:6504

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1656,1068229429072152186,9445047846348714269,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3328 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:5092

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:5648

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
PID:380

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:4016

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
PID:6016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2376

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4420

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7148

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=7148" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
PID:4976

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffac5faf070,0x7ffac5faf080,0x7ffac5faf090
4⤵
- Executes dropped EXE
PID:1044

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1648,9694368002902852722,13870600657239035216,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1656 /prefetch:2
4⤵
- Executes dropped EXE
PID:6840

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,9694368002902852722,13870600657239035216,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2188 /prefetch:8
4⤵
- Executes dropped EXE
PID:5632

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,9694368002902852722,13870600657239035216,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2476 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:6408

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,9694368002902852722,13870600657239035216,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3624 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:4424

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,9694368002902852722,13870600657239035216,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3856 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:5676

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,9694368002902852722,13870600657239035216,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3740 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:2828

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,9694368002902852722,13870600657239035216,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4060 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:6836

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:6688

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
PID:6232

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:4016

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7064

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4480

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5584

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5584" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
PID:5088

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ffac5faf070,0x7ffac5faf080,0x7ffac5faf090
4⤵
- Executes dropped EXE
PID:6836

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1696,16466839290243750659,5371946700626112648,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1680 /prefetch:2
4⤵
- Executes dropped EXE
PID:6832

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1696,16466839290243750659,5371946700626112648,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2072 /prefetch:8
4⤵
- Executes dropped EXE
PID:6264

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1696,16466839290243750659,5371946700626112648,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2516 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:5840

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1696,16466839290243750659,5371946700626112648,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3524 /prefetch:1
4⤵
- Executes dropped EXE
PID:1160

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1696,16466839290243750659,5371946700626112648,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3756 /prefetch:1
4⤵
- Executes dropped EXE
PID:6196

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1696,16466839290243750659,5371946700626112648,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3872 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:5784

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1696,16466839290243750659,5371946700626112648,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:6932

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1696,16466839290243750659,5371946700626112648,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3816 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:1252

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
- Executes dropped EXE
PID:1356

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
- Executes dropped EXE
PID:6176

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
- Executes dropped EXE
PID:6260

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
- Executes dropped EXE
PID:980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1400

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4016

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=4016" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:7112

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ffac5faf070,0x7ffac5faf080,0x7ffac5faf090
4⤵
PID:6812

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1648,8553428995522084840,4044190794082434379,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1656 /prefetch:2
4⤵
PID:2080

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,8553428995522084840,4044190794082434379,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2188 /prefetch:8
4⤵
PID:2636

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,8553428995522084840,4044190794082434379,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2468 /prefetch:1
4⤵
- Checks computer location settings
PID:6240

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,8553428995522084840,4044190794082434379,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3612 /prefetch:1
4⤵
- Checks computer location settings
PID:5936

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,8553428995522084840,4044190794082434379,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3404 /prefetch:1
4⤵
- Checks computer location settings
PID:5360

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,8553428995522084840,4044190794082434379,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3864 /prefetch:1
4⤵
- Checks computer location settings
PID:6980

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,8553428995522084840,4044190794082434379,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3248 /prefetch:1
4⤵
- Checks computer location settings
PID:6496

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
PID:1648

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
PID:6840

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
PID:5472

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
PID:2764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6488

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4628

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2764" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:1512

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x360,0x364,0x368,0x33c,0x36c,0x7ffac5faf070,0x7ffac5faf080,0x7ffac5faf090
4⤵
PID:4252

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1668,528591784335826702,15843370479626899756,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1716 /prefetch:2
4⤵
PID:5860

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,528591784335826702,15843370479626899756,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2200 /prefetch:8
4⤵
PID:6548

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1668,528591784335826702,15843370479626899756,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2504 /prefetch:1
4⤵
- Checks computer location settings
PID:2060

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
PID:6072

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
PID:4768

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
PID:3780

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
PID:1916

C:\Program Files (x86)\Steam\steamerrorreporter.exe
C:\Program Files (x86)\Steam\steam
3⤵
PID:6100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6952

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\ProcessMonitor.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:6252

C:\Users\Admin\Desktop\ProcessMonitor\Procmon.exe
"C:\Users\Admin\Desktop\ProcessMonitor\Procmon.exe"
1⤵
- Checks computer location settings
PID:688

C:\Users\Admin\AppData\Local\Temp\Procmon64.exe
"C:\Users\Admin\AppData\Local\Temp\Procmon64.exe" /originalpath "C:\Users\Admin\Desktop\ProcessMonitor\Procmon.exe"
2⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: LoadsDriver
- Suspicious use of SetWindowsHookEx
PID:4524

C:\Users\Admin\Desktop\ProcessMonitor\Procmon.exe
"C:\Users\Admin\Desktop\ProcessMonitor\Procmon.exe"
1⤵
- Checks computer location settings
PID:7124

C:\Users\Admin\AppData\Local\Temp\Procmon64.exe
"C:\Users\Admin\AppData\Local\Temp\Procmon64.exe" /originalpath "C:\Users\Admin\Desktop\ProcessMonitor\Procmon.exe"
2⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of SetWindowsHookEx
PID:4068

C:\Users\Admin\Desktop\ProcessMonitor\Procmon64.exe
"C:\Users\Admin\Desktop\ProcessMonitor\Procmon64.exe"
1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of SetWindowsHookEx
PID:3800

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
PID:4236

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4F3A5A51B001A145A1476AD18DE7AF60 C
2⤵
PID:6968

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1B1BAB0B88DBEA75B7B58DBC3D375723
2⤵
PID:5496

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B560A4287AB231F0DD82219B1AA236C7 E Global\MSI0000
2⤵
PID:6652

C:\Program Files\rohitab.com\API Monitor\apimonitor-x86.exe
"C:\Program Files\rohitab.com\API Monitor\apimonitor-x86.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6996

C:\Program Files\rohitab.com\API Monitor\apimonitor-x64.exe
"C:\Program Files\rohitab.com\API Monitor\apimonitor-x64.exe" /psn
2⤵
PID:5704

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5384

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:5124

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5124" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:3124

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ffac5faf070,0x7ffac5faf080,0x7ffac5faf090
4⤵
PID:5112

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1648,2673213031976475063,1984569626320798957,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1664 /prefetch:2
4⤵
PID:6996

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,2673213031976475063,1984569626320798957,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2188 /prefetch:8
4⤵
PID:6724

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,2673213031976475063,1984569626320798957,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2508 /prefetch:1
4⤵
- Checks computer location settings
PID:6060

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,2673213031976475063,1984569626320798957,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3640 /prefetch:1
4⤵
PID:844

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,2673213031976475063,1984569626320798957,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3348 /prefetch:1
4⤵
- Checks computer location settings
PID:6092

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,2673213031976475063,1984569626320798957,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3384 /prefetch:1
4⤵
- Checks computer location settings
PID:6476

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1648,2673213031976475063,1984569626320798957,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3420 /prefetch:1
4⤵
- Checks computer location settings
PID:2636

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
PID:4404

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
PID:5496

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
PID:4972

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5244

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6220

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:5820

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5820" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:1012

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x368,0x36c,0x370,0x340,0x374,0x7ffac61ff070,0x7ffac61ff080,0x7ffac61ff090
4⤵
PID:4676

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1660,8427859089088647806,534988328333204052,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1672 /prefetch:2
4⤵
PID:6544

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,8427859089088647806,534988328333204052,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2204 /prefetch:8
4⤵
PID:6348

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1660,8427859089088647806,534988328333204052,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2496 /prefetch:1
4⤵
- Checks computer location settings
PID:5712

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1660,8427859089088647806,534988328333204052,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3628 /prefetch:1
4⤵
PID:5376

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1660,8427859089088647806,534988328333204052,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3852 /prefetch:1
4⤵
- Checks computer location settings
PID:6492

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1660,8427859089088647806,534988328333204052,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3836 /prefetch:1
4⤵
- Checks computer location settings
PID:5000

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1660,8427859089088647806,534988328333204052,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3376 /prefetch:1
4⤵
- Checks computer location settings
PID:1548

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
PID:5248

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
PID:5704

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
PID:4516

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
PID:1276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6336

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1360

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:5844

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5844" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:6240

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x360,0x364,0x368,0x33c,0x36c,0x7ffac61ff070,0x7ffac61ff080,0x7ffac61ff090
4⤵
PID:3612

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1640,1859174393558003104,13579505897740995217,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1688 /prefetch:2
4⤵
PID:2088

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,1859174393558003104,13579505897740995217,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2208 /prefetch:8
4⤵
PID:6740

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,1859174393558003104,13579505897740995217,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2476 /prefetch:1
4⤵
- Checks computer location settings
PID:7076

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,1859174393558003104,13579505897740995217,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3576 /prefetch:1
4⤵
PID:4076

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,1859174393558003104,13579505897740995217,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3224 /prefetch:1
4⤵
PID:4236

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,1859174393558003104,13579505897740995217,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3336 /prefetch:1
4⤵
- Checks computer location settings
PID:1740

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,1859174393558003104,13579505897740995217,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3588 /prefetch:1
4⤵
- Checks computer location settings
PID:1512

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
PID:6044

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
PID:5480

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
PID:5656

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6476

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:6020

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=6020" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:4516

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x36c,0x370,0x374,0x348,0x378,0x7ffac61ff070,0x7ffac61ff080,0x7ffac61ff090
4⤵
PID:1584

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1668,1563723222808327806,13902137572299644636,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1692 /prefetch:2
4⤵
PID:3500

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,1563723222808327806,13902137572299644636,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2208 /prefetch:8
4⤵
PID:4852

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1668,1563723222808327806,13902137572299644636,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2516 /prefetch:1
4⤵
- Checks computer location settings
PID:2192

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1668,1563723222808327806,13902137572299644636,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3636 /prefetch:1
4⤵
- Checks computer location settings
PID:5764

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1668,1563723222808327806,13902137572299644636,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3412 /prefetch:1
4⤵
- Checks computer location settings
PID:1300

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1668,1563723222808327806,13902137572299644636,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3820 /prefetch:1
4⤵
- Checks computer location settings
PID:5432

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
PID:6080

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
PID:5440

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
PID:6524

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1116

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:6544

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=6544" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:4784

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ffac61ff070,0x7ffac61ff080,0x7ffac61ff090
4⤵
PID:3056

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1640,11210845519064457915,12400171217860013557,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1688 /prefetch:2
4⤵
PID:6160

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,11210845519064457915,12400171217860013557,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2188 /prefetch:8
4⤵
PID:4420

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,11210845519064457915,12400171217860013557,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2504 /prefetch:1
4⤵
- Checks computer location settings
PID:5184

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,11210845519064457915,12400171217860013557,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3628 /prefetch:1
4⤵
- Checks computer location settings
PID:892

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,11210845519064457915,12400171217860013557,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3828 /prefetch:1
4⤵
- Checks computer location settings
PID:2072

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,11210845519064457915,12400171217860013557,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3612 /prefetch:1
4⤵
- Checks computer location settings
PID:2204

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1640,11210845519064457915,12400171217860013557,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3792 /prefetch:1
4⤵
- Checks computer location settings
PID:2664

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
PID:2704

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
PID:5480

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
PID:1660

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
PID:5476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5268

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5520

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2636

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=2636" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:5144

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ffac61ff070,0x7ffac61ff080,0x7ffac61ff090
4⤵
PID:3588

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1644,3211009485107523174,12489207047779449442,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1652 /prefetch:2
4⤵
PID:1252

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,3211009485107523174,12489207047779449442,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2188 /prefetch:8
4⤵
PID:2908

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,3211009485107523174,12489207047779449442,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2488 /prefetch:1
4⤵
- Checks computer location settings
PID:4068

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,3211009485107523174,12489207047779449442,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3588 /prefetch:1
4⤵
- Checks computer location settings
PID:4624

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,3211009485107523174,12489207047779449442,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3620 /prefetch:1
4⤵
- Checks computer location settings
PID:552

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,3211009485107523174,12489207047779449442,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3832 /prefetch:1
4⤵
- Checks computer location settings
PID:5340

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,3211009485107523174,12489207047779449442,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3020 /prefetch:1
4⤵
- Checks computer location settings
PID:5496

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1644,3211009485107523174,12489207047779449442,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1572 /prefetch:2
4⤵
PID:2308

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
PID:4704

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
PID:6996

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
PID:5492

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
PID:6384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6140

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4380

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
2⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:1348

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=zh_CN" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=1348" "-buildid=1686880776" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" --enable-media-stream --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SameSiteByDefaultCookies" "--enable-blink-features=ResizeObserver,Worklet,AudioWorklet" "--disable-blink-features=Badging"
3⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:4500

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1686880776 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffac61ff070,0x7ffac61ff080,0x7ffac61ff090
4⤵
PID:2272

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1644,9856861509479140232,738875298599511687,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1652 /prefetch:2
4⤵
PID:5180

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,9856861509479140232,738875298599511687,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --lang=en-US --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2068 /prefetch:8
4⤵
PID:496

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,9856861509479140232,738875298599511687,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2496 /prefetch:1
4⤵
- Checks computer location settings
PID:7004

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,9856861509479140232,738875298599511687,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3560 /prefetch:1
4⤵
PID:6932

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,9856861509479140232,738875298599511687,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3304 /prefetch:1
4⤵
- Checks computer location settings
PID:6900

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,9856861509479140232,738875298599511687,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3552 /prefetch:1
4⤵
- Checks computer location settings
PID:1224

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1644,9856861509479140232,738875298599511687,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-compositing --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-blink-features=Badging --lang=en-US --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --buildid=1686880776 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3096 /prefetch:1
4⤵
- Checks computer location settings
PID:5296

C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1644,9856861509479140232,738875298599511687,131072 --enable-features=CastMediaRouteProvider --disable-features=SameSiteByDefaultCookies --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --buildid=1686880776 --steamid=0 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1676 /prefetch:2
4⤵
PID:780

C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
3⤵
PID:6140

C:\Program Files (x86)\Steam\bin\gldriverquery.exe
.\bin\gldriverquery.exe
3⤵
PID:5564

C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
3⤵
PID:6400

C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
3⤵
PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Change Default File Association

T1042

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e6c79ee.rbs
Filesize
201KB

MD5
11b5a9198234e138c30113041c440745

SHA1
77159d5c6091de1a54f7d81a8ca03915743a2e2d

SHA256
dca42c702ef87fe2ba88039f367124168d365ab9825a2c933a0d712d78f9e52a

SHA512
97331897e4baafd01e84838efc8924b6f64b8ad5ddf25fd0a372208acbe58f263dd157c36c65155aaa80436d3c7b35ee817ce5f86006afc278c23869cee83f0f

Download Submit
C:\Program Files (x86)\Steam\.cef-dev-tools-size.vdf
Filesize
71B

MD5
9679bd7a4e51e384ea428d6eafc1fab2

SHA1
80e36c373d432305c5d23319a0e532934399f731

SHA256
d82fc37374e2668f6569102bd2ed13b8d21ebad019c5d1bf7fb825617d0d32a4

SHA512
06fc8b2a670a8d05dda366d98cf16e34bd78f2a41aa640f908278c9aa13d5a787918b6041762fda89987b80cfdf26e1c92d3c84d12b477ce5708a4a4f7fc5abb

Download Submit
C:\Program Files (x86)\Steam\Steam.exe
Filesize
4.1MB

MD5
b4411620a3551834e4f699cc5a9b27e6

SHA1
5093960cc86613e310d13770b5adef00fe93f3eb

SHA256
3caf4a246169b2d30c6bf18fa0b7a4a01bbe933cfb781f3da4c6b3cb67b59d04

SHA512
47dde07212c2d5eea548d7794fc6bb9d86ced9a0848aaeab81fa8844fc5cab7eac58e386e96a81c663b914c85c0a7116033e2b2cfd18559d40aa6c83f9a6c024

Download Submit
C:\Program Files (x86)\Steam\Steam.exe
Filesize
4.1MB

MD5
b4411620a3551834e4f699cc5a9b27e6

SHA1
5093960cc86613e310d13770b5adef00fe93f3eb

SHA256
3caf4a246169b2d30c6bf18fa0b7a4a01bbe933cfb781f3da4c6b3cb67b59d04

SHA512
47dde07212c2d5eea548d7794fc6bb9d86ced9a0848aaeab81fa8844fc5cab7eac58e386e96a81c663b914c85c0a7116033e2b2cfd18559d40aa6c83f9a6c024

Download Submit
C:\Program Files (x86)\Steam\_config_\config.vdf
Filesize
35KB

MD5
0ac5e09d3a5c32fb9af57e40e4ac1616

SHA1
212039e3e6bc2341efc3e4f2f84af62b9ed66607

SHA256
570356d6a3bf467e6f89ccd025d72699ae9ff63d86b48a7760c82f71a26beed9

SHA512
94c8051230ece94970a515d0c22a8d55d043e123dba25fe6923bd971ed02d65d5daa3eba6be3517b27ab55aa2213703a4154a973dc8eb32f2390a975d84e94b7

Download Submit
C:\Program Files (x86)\Steam\appcache\appinfo.vdf.async1348.tmp
Filesize
1.4MB

MD5
4e68826eb3af344aa0e81789824c405f

SHA1
3bd93ec690dfd85020ec0a38d781f23fdd7d8d9e

SHA256
8dc6316be3b7068c1d17bf726ede3f6103cb7be6ed385d16253d8ef56f13d099

SHA512
4eb3eb7b9cda370b77ca96841626e60f9cc3f8f315d9c8de1d6466e5fcaa9aba1873e90f56cd0d3f684b9772ae74fa0f08e4181782a7e9bfc694a3db0511357f

Download Submit
C:\Program Files (x86)\Steam\appcache\localization.vdf
Filesize
4KB

MD5
fdf5ce560a6214434b20098da1c4915b

SHA1
5722da1ce7a8e7a97b8cc7a9555295e61744d10e

SHA256
821bbcb880eaf1979f1ca695cbbd8ec290feb1db54cfc822a8db74e1b87caa12

SHA512
f9dc0a546fa92ef058f374e720cc874fc0dd4755b9473d546105e6f7b3223dbdbade24cf9031e3b8c3587f3c5e22c7a2ff656e21b0351b3e40073b236f728ea5

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe
Filesize
2.7MB

MD5
2de3f7cf6020b3bb6bc4199459a63016

SHA1
8a30e5e333a353eb069ab961a4c1918fcbb44623

SHA256
f649f4a1d41cd442d5e3f079b1677442a2123eb494bda58ef866870b25915d7e

SHA512
5d1e016c731dd1bfaaf24fde9da4f453f71773a71db956290809eb82064fa0307874cd412be6ad98c4fdbb36e94cd8ae7aa27341aaa1f9f3f9e696afe0cca56e

Download Submit
C:\Program Files (x86)\Steam\bin\audio.dll
Filesize
178KB

MD5
016962e4d00c8b61a59bff3b1741d089

SHA1
7cc61aae2eeeb840e7d031d079528b64c1676062

SHA256
f1522155789762ef175b15d2cd55f3ad2504ad27aa61b647a7a1b3eff0cb3db5

SHA512
2ec5bdeb27098e3bef040811afdc0ea0961fe1fd066aa1afb02ddbca75c1d66cd6464de787510828964dcec626a563b4ad50ffa4cc31d121d9c6f2e00f1d60a3

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-console-l1-1-0.dll
Filesize
11KB

MD5
07ebe4d5cef3301ccf07430f4c3e32d8

SHA1
3b878b2b2720915773f16dba6d493dab0680ac5f

SHA256
8f8b79150e850acc92fd6aab614f6e3759bea875134a62087d5dd65581e3001f

SHA512
6c7e4df62ebae9934b698f231cf51f54743cf3303cd758573d00f872b8ecc2af1f556b094503aae91100189c0d0a93eaf1b7cafec677f384a1d7b4fda2eee598

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-console-l1-2-0.dll
Filesize
11KB

MD5
57193bfbccefe3d5df8c1a0d27c4e8d4

SHA1
747f1d3841a9175826439d37e2387a4cf920641c

SHA256
f5025e74de2c1c6ea74e475b57771ac32205e6f1fa6a0390298bbe1f4049ac5d

SHA512
68ad2750e0282fb3ae8d40ac7e22dda43b2073342bb160c20d81d61c69b08a6e766756b432c71cc65e99cdafb70152d53563f0b02708fff84dc3e9f376d51c99

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-datetime-l1-1-0.dll
Filesize
11KB

MD5
557405c47613de66b111d0e2b01f2fdb

SHA1
de116ed5de1ffaa900732709e5e4eef921ead63c

SHA256
913eaaa7997a6aee53574cffb83f9c9c1700b1d8b46744a5e12d76a1e53376fd

SHA512
c2b326f555b2b7acb7849402ac85922880105857c616ef98f7fb4bbbdc2cd7f2af010f4a747875646fcc272ab8aa4ce290b6e09a9896ce1587e638502bd4befb

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-debug-l1-1-0.dll
Filesize
11KB

MD5
624401f31a706b1ae2245eb19264dc7f

SHA1
8d9def3750c18ddfc044d5568e3406d5d0fb9285

SHA256
58a8d69df60ecbee776cd9a74b2a32b14bf2b0bd92d527ec5f19502a0d3eb8e9

SHA512
3353734b556d6eebc57734827450ce3b34d010e0c033e95a6e60800c0fda79a1958ebf9053f12054026525d95d24eec541633186f00f162475cec19f07a0d817

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize
11KB

MD5
2db5666d3600a4abce86be0099c6b881

SHA1
63d5dda4cec0076884bc678c691bdd2a4fa1d906

SHA256
46079c0a1b660fc187aafd760707f369d0b60d424d878c57685545a3fce95819

SHA512
7c6e1e022db4217a85a4012c8e4daee0a0f987e4fba8a4c952424ef28e250bac38b088c242d72b4641157b7cc882161aefa177765a2e23afcdc627188a084345

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l1-1-0.dll
Filesize
14KB

MD5
0f7d418c05128246afa335a1fb400cb9

SHA1
f6313e371ed5a1dffe35815cc5d25981184d0368

SHA256
5c9bc70586ad538b0df1fcf5d6f1f3527450ae16935aa34bd7eb494b4f1b2db9

SHA512
7555d9d3311c8622df6782748c2186a3738c4807fc58df2f75e539729fc4069db23739f391950303f12e0d25df9f065b4c52e13b2ebb6d417ca4c12cfdeca631

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
5a72a803df2b425d5aaff21f0f064011

SHA1
4b31963d981c07a7ab2a0d1a706067c539c55ec5

SHA256
629e52ba4e2dca91b10ef7729a1722888e01284eed7dda6030d0a1ec46c94086

SHA512
bf44997c405c2ba80100eb0f2ff7304938fc69e4d7ae3eac52b3c236c3188e80c9f18bda226b5f4fde0112320e74c198ad985f9ffd7cea99aca22980c39c7f69

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
721b60b85094851c06d572f0bd5d88cd

SHA1
4d0ee4d717aeb9c35da8621a545d3e2b9f19b4e7

SHA256
dac867476caa42ff8df8f5dfe869ffd56a18dadee17d47889afb69ed6519afbf

SHA512
430a91fcecde4c8cc4ac7eb9b4c6619243ab244ee88c34c9e93ca918e54bd42b08aca8ea4475d4c0f5fa95241e4aacb3206cbae863e92d15528c8e7c9f45601b

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-handle-l1-1-0.dll
Filesize
11KB

MD5
d1df480505f2d23c0b5c53df2e0e2a1a

SHA1
207db9568afd273e864b05c87282987e7e81d0ba

SHA256
0b3dfb8554ead94d5da7859a12db353942406f9d1dfe3fac3d48663c233ea99d

SHA512
f14239420f5dd84a15ff5fca2fad81d0aa9280c566fa581122a018e10ebdf308ac0bf1d3fcfc08634c1058c395c767130c5abca55540295c68df24ffd931ca0a

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-heap-l1-1-0.dll
Filesize
11KB

MD5
73433ebfc9a47ed16ea544ddd308eaf8

SHA1
ac1da1378dd79762c6619c9a63fd1ebe4d360c6f

SHA256
c43075b1d2386a8a262de628c93a65350e52eae82582b27f879708364b978e29

SHA512
1c28cc0d3d02d4c308a86e9d0bc2da88333dfa8c92305ec706f3e389f7bb6d15053040afd1c4f0aa3383f3549495343a537d09fe882db6ed12b7507115e5a263

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\api-ms-win-core-interlocked-l1-1-0.dll
Filesize
11KB

MD5
7c7b61ffa29209b13d2506418746780b

SHA1
08f3a819b5229734d98d58291be4bfa0bec8f761

SHA256
c23fe8d5c3ca89189d11ec8df983cc144d168cb54d9eab5d9532767bcb2f1fa3

SHA512
6e5e3485d980e7e2824665cbfe4f1619b3e61ce3bcbf103979532e2b1c3d22c89f65bcfbddbb5fe88cddd096f8fd72d498e8ee35c3c2307bacecc6debbc1c97f

Download Submit
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\crash_reporter.cfg
Filesize
362B

MD5
49ebf9886830ad965e12c3c5f017baed

SHA1
ef4bdf8dee495ecbcc9dd08cc4fec0d4ac2da579

SHA256
70be1b7eebfc2d95b5c58014178a692392f377086d5b9e1d531e7354279d48e6

SHA512
04b0a99a287b1874c48b04fa3b56b6c5e23f101e6d584046f1f7eeffcf80875a1abac30b4780996e95fe400765c5f174e913c88f82e34dbe6c87578a31d1a98c

Download Submit
C:\Program Files (x86)\Steam\bin\steamservice.exe
Filesize
2.7MB

MD5
2de3f7cf6020b3bb6bc4199459a63016

SHA1
8a30e5e333a353eb069ab961a4c1918fcbb44623

SHA256
f649f4a1d41cd442d5e3f079b1677442a2123eb494bda58ef866870b25915d7e

SHA512
5d1e016c731dd1bfaaf24fde9da4f453f71773a71db956290809eb82064fa0307874cd412be6ad98c4fdbb36e94cd8ae7aa27341aaa1f9f3f9e696afe0cca56e

Download Submit
C:\Program Files (x86)\Steam\config\avatarcache\76561198968553327.png
Filesize
48KB

MD5
df5663d4ae85488193071820f2718b08

SHA1
2ba1936ea940939349f55a825109f0f678a2618b

SHA256
0b6d3a9d815591ad6d2350f5e79f8eabcc23d33bd41e33273b5f2657d602fdd1

SHA512
e32e0f3e3b37627a9fcbaf08547e2db18dd88bd939e668254c34c44c700f1bedbfe537b0106104de7aa0677c4731f4251a15a6e5d3d853c2a86de3215100d1df

Download Submit
C:\Program Files (x86)\Steam\config\config.vdf.async5844.tmp
Filesize
35KB

MD5
52b20fb2240caab8e48dbf0c037cb676

SHA1
26210cee9203d91281c5c6beeb177bbbf20bc8b0

SHA256
f4b9d5b3045c18b60b7be9c15a9d1240f02fc36a06560bfb917567b48fcdbe66

SHA512
bc062929be2857b9689d891bb44d5fa1420a01cbd80bc51bb8d6635bb8394c4e0b45371a622cb89baf094ebf4c04e25c70f272967ce3baf574a5c209bcbd2e89

Download Submit
C:\Program Files (x86)\Steam\config\steamapps.vrmanifest
Filesize
47B

MD5
8dddbd4ebcf391576016a88f4d8e1520

SHA1
875573003391b113fcf8e11fede71424618a44a1

SHA256
86af15e416cd4bd82d8f2b9a7a945dc7c4aa5882c1afc4e26a7f9b9e5a9d02c4

SHA512
99c6ba91e23e05d21c467f0314029c44db83bb1edadb6866096d03fba93782c2bee819696fc0f6a2523ece78d2324f7442800f55f439c8644ffac51a7f124852

Download Submit
C:\Program Files (x86)\Steam\crashhandler.dll
Filesize
367KB

MD5
e53fe677e423d2634afa2499f9de893d

SHA1
ac3bc67443015cb399653bb9b632bb2153508635

SHA256
5844ff24211b5a19f66eba92a77e031ecb3c6368086c1d7bd7bab7da300291c0

SHA512
fcf79d8da93fb61d0d59b80a3b9a7adf6c3e2763e68de0f1f31fbbf29139d9d6ba358af92472c41a788e5898cb24c6384015362bd3c9f93c5ebf87582285293d

Download Submit
C:\Program Files (x86)\Steam\crashhandler.dll
Filesize
367KB

MD5
e53fe677e423d2634afa2499f9de893d

SHA1
ac3bc67443015cb399653bb9b632bb2153508635

SHA256
5844ff24211b5a19f66eba92a77e031ecb3c6368086c1d7bd7bab7da300291c0

SHA512
fcf79d8da93fb61d0d59b80a3b9a7adf6c3e2763e68de0f1f31fbbf29139d9d6ba358af92472c41a788e5898cb24c6384015362bd3c9f93c5ebf87582285293d

Download Submit
C:\Program Files (x86)\Steam\dumps\settings.dat
Filesize
56B

MD5
25968d125ae9aa6681bd0fe5a9f0766e

SHA1
bad06eb3e91d86ee296b0ed96a2742cc71b0b1db

SHA256
2f2c4b8c1cd19feea1b768047611db9e1e2ed6b4b815be0280c410a04f09225b

SHA512
4d8f9e69ff819264e3232a69f71a283250546f9f765d6d89d462144fb3045a7573bf2f30d3e1265114804184c4be49463cade1436e40594759263b719cdb682c

Download Submit
C:\Program Files (x86)\Steam\logs\bootstrap_log.txt
Filesize
13KB

MD5
a40592045ccc5510397df7142ba7d4a1

SHA1
617554db3716b339050753a97bc6eda7ff24929c

SHA256
b659d5545499022e44103bf5851246d8bddaee1400cad28a05724d8311c9a2ce

SHA512
6a0fe3cbc144e5a7f62b44154337506246868b07553259f703403b2b454c2b398eed14579c02526904e645635876f4fef6a0d5ba9bd9713b96e681b5e92153a8

Download Submit
C:\Program Files (x86)\Steam\logs\webhelper.txt
Filesize
115KB

MD5
99faba6e277c08eb3c1339273bd24009

SHA1
643a91de58d97dd882fd482ba1b3c07fe8e01e26

SHA256
6397ef0532e6be3d8adb8fcbfe173faf69ab7ac13da01683864cecd351770844

SHA512
fc63129a33b7f7d4c4b3fb740849dac7b19a1b1214b966d42b072cf7818df42d0676d926b15d54d0ec57cc7e95ccd6cd2101bd06f6f49b89c60bed3f7231356c

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_metrics.bin
Filesize
4KB

MD5
af712d644cdd40f4843e3632cf14fa0a

SHA1
2b83f625d54b274bf99cb5e7541d1b808404f9d1

SHA256
b5e40e6eee9ed44f9cdf6e632a435901c683b711fd980676f9092c5fca45d53f

SHA512
a458f0f92290ff8509e6c9a8f56f5a2df02d681d5f58a112a47a270ed22f55d0776a6c48eebe64a9896b4b46be243d48a747ecdd30557454008048f1f9b80dd9

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.installed
Filesize
664KB

MD5
805feab85c8c6b61c5ac1feb6fc6c7eb

SHA1
e1553ba076ffa82f5edcba3c746f3036d28120be

SHA256
92b2986c4301cdf5d7d1d2833f6cb378dc082d039f6adf1785e99192cd52c953

SHA512
daf62f034a9c846d834c7bac80b515aa6324342acddd303d44c5a4ed76176f0463d983373e0bea630f288066b433e265156ce598949a2f0a5d1f58f37fd6a264

Download Submit
C:\Program Files (x86)\Steam\package\steam_client_win32.manifest
Filesize
12KB

MD5
ffd2c27841ade36cc9a80cb8af493016

SHA1
fc8f8fea2aff1bd9057fd629cac4030306fab186

SHA256
56e5da68f320ae0867283379f62e0c02801fb3ae72e0c10793c27ccc5889fb2b

SHA512
761dd3cdf083c726859c616edfa475729c851413b1b7fcd93a9561019752d11de48497393c01ad6ac02df0a390b8d826e48074d8646e5658f98afcd7b8baebe1

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_forward@2x.tga_
Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\textinput\drop06.tga_
Filesize
244KB

MD5
c7afc24e396da59a4ef402ddd2ccbceb

SHA1
dafbca40f8420fdf6c426fa6a3f0f6a43fb493d9

SHA256
996cd2d01542cec922c384708dcbfc8aee8773333ebda9a398f0236675f129b1

SHA512
013ff1f14b8c7214c88e42cf5d270324f4bbac6bf6b5eafa7dadf8d658c0eaa97a52f326df62867dab7926e8edbcb5bac89a0e675c57de5558f78b1bce313ef2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt
Filesize
4KB

MD5
8ebd46495dd3b4ab05431c5c771d5657

SHA1
e426214322a729faddb5bc80053af5750c76683b

SHA256
70c39d5d5b16640165de19cee80da4a391035108cbc5f5009372a86954f0fe92

SHA512
53afd923f583eda4db580935a8cdd62413af8e830c04f2c12d15c55e905c114ec11a5e4483660601504c27e9350e9e47c6432f8f699464e11c5050fe846d7dc4

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt
Filesize
6KB

MD5
239c03a3dc1c27993da724736d086cef

SHA1
ff88246f8ea3502873dcbdc622378f006c58a2e6

SHA256
b387e2fb971297d3438acca130c53dfdd202ae2ca5b52d6503333734cda4fbfc

SHA512
656922e8f2dec46ef36efba5c85088c47b02e89f62b27559611fcbe6ef85c6cd8462a4532e2d2d7f4faa977ab24f0de6f5f72e3075f8889db9e6e60baa162a32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt
Filesize
4KB

MD5
6def4d3cf1453d5fb69d22fca29892a4

SHA1
09fe62653e55668de75a9fc5b64949ea81eb4991

SHA256
60c29f3c57c44c58daf69be797bfede31967b1ddfc9bb68cb7ddaa0acda67c8c

SHA512
ee4f3f5dd8a8aadde9cff8f8aca8a45fa419c36fd8a4a7d3af9b71e1f7e5d9e1d01c329c70e6da53238822b536e35224e55004bf2e1af4ec17d5b56ccfc58549

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt
Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt
Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
Filesize
4KB

MD5
2fe6613e267857982d7df4368c9827ec

SHA1
d520c7427b283e3ff167b850ab15352e46d328d3

SHA256
2eba5f3f0b0dbcc2cd69c36c220a2355d1ba3cd67b6e25b5846c80e1604bcac0

SHA512
cf2fc8978adf54dce5700eda7d8beb4917c89bf5458131171eab95463e1b3a3315770f4baae07e498e8e36a8478f09e27054ca2d06b4542c86d8459360572be4

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
Filesize
4KB

MD5
2fe6613e267857982d7df4368c9827ec

SHA1
d520c7427b283e3ff167b850ab15352e46d328d3

SHA256
2eba5f3f0b0dbcc2cd69c36c220a2355d1ba3cd67b6e25b5846c80e1604bcac0

SHA512
cf2fc8978adf54dce5700eda7d8beb4917c89bf5458131171eab95463e1b3a3315770f4baae07e498e8e36a8478f09e27054ca2d06b4542c86d8459360572be4

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt
Filesize
4KB

MD5
594be5b10d9f551e551cf20eae0e6dfc

SHA1
191c20f5cb0c27ecc5a055fa2379694f5e27a610

SHA256
e350ca62e777da4da6d25885be96d48e7ce3acf021a74f2a4902354a1bf03fbb

SHA512
e27bf6593a177c22e16ddf5a44d82b34b02063645a7fd63943b936028d9c433c89628038768a300c296c2d3bcab2ef6b8532a19f7283952d041865c704f62b0b

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt
Filesize
4KB

MD5
da69785dfbf494002f108dd73020183d

SHA1
34bb6061cdf120e7dced0402e588c3f712cf2dc0

SHA256
8cce22e7f13486f2bc612dcc8fa31d81038e6084a350fa10299d40c3a7f878c8

SHA512
db773783b63ed1d66a59272e05304c174b69f85d2838ae8049dffed6b6b30c2011fd9042dd652f9a1733a2b6891870b426cf1985d41921e5360c9b1ae1330e20

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt
Filesize
4KB

MD5
395286db3e67a59868e2662c326c541a

SHA1
716014d76622612a1bde2d4e1744d024f6d0b830

SHA256
02e48ee4e10354a2b2741d2e57ef565404753779f847906b5ae5c98ede06c01b

SHA512
64cdf1e6701ea57474051e338eee74859fc0ff4acd71ee0718a9b8cd698e94a9793c1901b6791fc0fc268c53fbc1e7e2f94ac1024f3f8765bf713954c194b0fe

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt
Filesize
6KB

MD5
b9e30df8cf272813b121133fcf259752

SHA1
16706f982f16d5feb9c808f94b8cfa50c23f5d80

SHA256
88919d7be26fb3e06401fc0254733d92fd743ecc56da4177b41613e1f094c3e8

SHA512
7beb65c0477b02742741a8ce23557f4f15e8cf1b1ef03a6bbadbf594bdf2cd686d7356d93719111d27b309a10ca75846765a13bb3eb4d0411785dfb13a675fc4

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt
Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt
Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt
Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_korean.txt
Filesize
4KB

MD5
d75580775d67a85353189736222a8878

SHA1
ccb2275c8f5d119640064fd533ca15f30d93f331

SHA256
10720923c1048502c5191d6d1d8580e35e707b24d457941dae94a87371af989a

SHA512
757dd94a1e3debb2520855a3d00e44e3a98b5764caf9c16c8d088fc1a1f1024eed742f1051635721f4bf2c00d1dac11fd975c09a7f5df78d1863de88f9bbf9fe

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt
Filesize
4KB

MD5
d75580775d67a85353189736222a8878

SHA1
ccb2275c8f5d119640064fd533ca15f30d93f331

SHA256
10720923c1048502c5191d6d1d8580e35e707b24d457941dae94a87371af989a

SHA512
757dd94a1e3debb2520855a3d00e44e3a98b5764caf9c16c8d088fc1a1f1024eed742f1051635721f4bf2c00d1dac11fd975c09a7f5df78d1863de88f9bbf9fe

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt
Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt
Filesize
4KB

MD5
5462f47e56b978659ef56f196db013f4

SHA1
4749824d4e909369f59217d4980963ff17353f3f

SHA256
cbfbe91d4a4661df814ea447c03f4ca872ef3e27073a1eb746faccbfe75afc8a

SHA512
5a437968fc06619cf553ced32dba9c7c948f4364f02c8017986e9a4f09e9832b849c7e0567485ca1beba34a258d29b2612ea3ed6045c81777e9a5201139f81a3

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt
Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt
Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt
Filesize
4KB

MD5
31bd3d4d8de5af4642b21d586d5ee54d

SHA1
552bebb93c71cd8acd72558db1810530909fb276

SHA256
52f256ded29ce22945b5bc0ef7a227189dfa91da69265ec13283a7067c239071

SHA512
cea49fc70b18a1294ec7e564ff7f4d1ff7efeb0db1cf1b088da6adcecc282569380f225e9a150d1666c5c1977ba4de0a5d9d667c72cfb8569a50546b978e9132

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt
Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt
Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt
Filesize
4KB

MD5
e9b8fccdb78bf9d275b79c75b2ff3e7b

SHA1
4b549411ed4db0f0a3699e76531353c226b06a76

SHA256
41ecfe0ffd6043a66a41bf9ea032712f2d1bbc19b434c6c666a107ee379f21e4

SHA512
4ce905a31f3a410712722271abd7e0a9a6c43646b61a321912b4a8e8f6fab68ab69add1d701c501bb069b8ecb65ecaf3bfa9be983933d0234a8c81c24bc6601f

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt
Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txt
Filesize
4KB

MD5
5c7bc92e0d948e3bba3f26f64a22fe7e

SHA1
bd259397a312bee9b8262058c30e0e354eeea93a

SHA256
5e6b0978fe8e2d14905f46e089b06681d6dfe76dd0c1551c168171ac4de75969

SHA512
8a6e18ce3d38a9658172b1871255a9941c572114137e468f130956c73ff13f282a46074a1dda6404dbdbf317ecdaadf01324194b8f8c081f862037784f4946ba

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_thai.txt
Filesize
7KB

MD5
1a537a1d30fba1d3db449a9207b63835

SHA1
ab6903b4c8d6bd3571960b1218714b8d76b1880d

SHA256
49b6b664d50a1ae0c732bcfbbdd1db1812ddccf00bcf5f40200f0e7cff5542ee

SHA512
1215b0d017a6e3ea207edafe8edd500a91a7a971b2f989d8006fa65e475ae32ec00df3e8ec06b4077f64f5b789c536bfb9d8b9945ca0e0731d68e48876bd8459

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_turkish.txt
Filesize
4KB

MD5
29f9a5ab4adfae371bf980b82de2cb57

SHA1
6f7ef52a09b99868dd7230f513630ffe473eddf8

SHA256
711675edb20b3cb70acf6cf75f2eea8e0d87c8ace3e11c8df362b4517427a34f

SHA512
543fe63f791250e05e8fda24fd2ceadebb4c8925e8927de49ae490895c87eed3e61a9ad50237532649f99fe3165836261de215ee3f66ffbfc6d677ddeea7732a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_ukrainian.txt
Filesize
6KB

MD5
cadd7a2f359b22580bdd6281ea23744d

SHA1
e82e790a7561d0908aee8e3b1af97823e147f88b

SHA256
3dd0edfbe68236e668fb308f92fe7c6493dbb05bfca85a48de93588f479ccc99

SHA512
53672dd13e6ccbe96f6d4a61297c595b6d6cba8de92caa51ccf8ab1d8a82eea5a425eab348f295b9ec27de0026ef849d9230f751a46e040be8863923f91b8519

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_vietnamese.txt
Filesize
4KB

MD5
f8a86b74ce3b446e3111d1480b5feaf7

SHA1
af21c55fd6ac99e65db55af9b8f4ffe790c4382c

SHA256
8a049b6126e904dcb9ba5d8af21cc0ab25ca55221cf2cd48eea45504fe23083b

SHA512
70f8009f5940b10b77a6c152c8c73f3dd425fb9ac917014504e8116ef00032888de686271e0262cbe7a55c6e605e837dcfbeb54ece71e49646b1030195fa0845

Download Submit
C:\Program Files (x86)\Steam\resource\layout\accountbutton.layout
Filesize
3KB

MD5
fe4598fedf18d393d3741783a46b353d

SHA1
2893148fac0926cc61b7ac981bb8809f5dd0b011

SHA256
3239f2fd89f86be9e2aadec0f26a3a5784fd648000dfcec8d075787fa8a7b862

SHA512
f1da5f8826cfab36dfaff6579bffa999c68f1d1ca506f9dfabc5b5aa0a481213aaf1747d1d7c7d39dde0c27fd09775c49c45848337265e8d7a598a74fd46aaf5

Download Submit
C:\Program Files (x86)\Steam\resource\layout\accountbutton.layout
Filesize
3KB

MD5
4b070a15e0f4bf428b3a9dddb77d0c72

SHA1
1fd1e0f6ef5914dc6b2f51610bf4a34d28fd9322

SHA256
03e9a5bb072067c922868e3dbba4502740b468fc081628e956b5edbd7caa7afd

SHA512
7250b291316b75ab76ed0694d70ddbe5542b9489c9f9a383ed81d53670a097187cadff1f9a25fbaac6cb393a7a435d0e002b078586f6b778552d21cd7f333c9e

Download Submit
C:\Program Files (x86)\Steam\steam.exe
Filesize
4.1MB

MD5
b4411620a3551834e4f699cc5a9b27e6

SHA1
5093960cc86613e310d13770b5adef00fe93f3eb

SHA256
3caf4a246169b2d30c6bf18fa0b7a4a01bbe933cfb781f3da4c6b3cb67b59d04

SHA512
47dde07212c2d5eea548d7794fc6bb9d86ced9a0848aaeab81fa8844fc5cab7eac58e386e96a81c663b914c85c0a7116033e2b2cfd18559d40aa6c83f9a6c024

Download Submit
C:\Program Files (x86)\Steam\steam.exe
Filesize
4.2MB

MD5
5ec88800b1671d61c30e8601a4ba553e

SHA1
6dadc0bf8ac0c54e848cc0d21ec8d98db6e0e7ba

SHA256
87d0cd59c8e17b9cece911e09e494cefc5d02959d510af08a9e3233ac2f2d58a

SHA512
ddd92481f1d4dfa59a8e829a1df8b220f79b1e6cfacccdadc9227b856855025defdde6a18ea2b79be20aa295b738eb2e4e8237a5ed30f7f016987390b6c8ea79

Download Submit
C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf.async7148.tmp
Filesize
233B

MD5
f286ed21607f5dc0cd7e2184a775840e

SHA1
195f4f8e741a16bce7b947f81d44b9cda42ac0d3

SHA256
d5d9b68aef7dc6da3c49b0d6bf4888427bbc595cb2fa86201b944a79fd5ca73f

SHA512
e3e1dd79bbf4aadac3a423a6b8b6038312f20596c70a5c724a89a9278b7c3a125ad003c64db9f0e50dfa36efd9df4a26af4ee65b8093060af514e4ceb5557534

Download Submit
C:\Program Files (x86)\Steam\steamui\css\sp.css
Filesize
215KB

MD5
5fe14431844386c4aab7f412d3dc01b1

SHA1
a8a90e7a1cda02107e4abf416f7bb57e4f996dcb

SHA256
6bdc78159be401739cba647f5b61758298e003aec4e4880c242305075d33b363

SHA512
71ef629297f9babfd7f305ad5bf866a6f909e16db34c010408fd5a55ff81e391369cba416b4f1a0979d92949698669cb65ca8bce4ec8f26b82e49f408185c7af

Download Submit
C:\Program Files (x86)\Steam\userdata\1008287599\7\remote\serverbrowser_hist.vdf
Filesize
18KB

MD5
f5141e64dc3f3589da7ff98771d0f630

SHA1
7caefabebb925ad017848f30e2e5f381a7d97130

SHA256
6ee282491cd94325b7964ba7a33e9d9c10dfd7d1bdc48da35c6b6164ded19163

SHA512
b3ef9df030e8eef48673fb935bbc8323ca536b931436964333148eb4437c591765394fb61b6a6af04895d870bdc0b8588f3ea8cf686fdfa2a06a38c54a18f546

Download Submit
C:\Program Files (x86)\Steam\userdata\1008287599\7\remotecache.vdf
Filesize
584B

MD5
a0a808260a4898767eea9d32c57a6aa9

SHA1
5bb3f797d16dc6d44b88cd48e7cc079bc6a3a61f

SHA256
e5310fd629bbecbbfaab8de4a9fb34982bdf1792a34f4da3105f3e6313580a63

SHA512
068aa3337a2eaeeb3f9ea53c9a065cebe03c6d6fb09de1569df80ec51face85bc31dbbc979f3d16b6f286d844c1f56df70979f58f9648fad53fb3b5112df3ec2

Download Submit
C:\Program Files (x86)\Steam\userdata\1008287599\7\remotecache.vdf
Filesize
584B

MD5
c3574dd6cded6ffe0a02262457577531

SHA1
1a36d20fe54cb479bf440529ebdf3d18a2019e19

SHA256
1d59365538fbd3bf109f45008baa680ab2a7dc888f89f0580d51aede9aa8df68

SHA512
881f0d47c25807728f318d8ba2c3a51cf80712106e71b2a13453a6504ab2e902b0d4f726b6d4116e8e81e03882a4e2dfbdadde42c1d48c2102ef756bba01ff6b

Download Submit
C:\Program Files (x86)\Steam\userdata\1008287599\config\licensecache.async5584.tmp
Filesize
1KB

MD5
c2b197118c0ec279df62f88eb1e3ea88

SHA1
b45ea330a165d60a0a0637031d2d1f1bdd381ca6

SHA256
6134a2922fce1905214b8aa5761c84a1a360f0b4fabdb3bdb3cc96d22156fed1

SHA512
d4374ad2c1c30eb46da3e47849a0ba6cf86195a1e5760954373ffdba503499b6febaf3c50977b9f00c1c300125674626d584bd71e98a3a054ad5de7513076081

Download Submit
C:\Program Files (x86)\Steam\userdata\1008287599\config\localconfig.vdf.async5820.tmp
Filesize
15KB

MD5
c9fd263e6b825a23310cdc2de6469a5c

SHA1
7fe667d968aa69584a8c27d85248114502c82116

SHA256
30ccc7a2e4ad4fd7e4a9b6da8790a752239d1f3e6fb35eb4a615a91d0b4fea30

SHA512
6565b7ac7d084c2580e5d5c4095832e8237eceedac2ab6a7a55db79419f60e3bc550e9e7ff75cf02c6580b614512f08d1c033261cb151af6ce7938a78bec01ba

Download Submit
C:\Program Files (x86)\Steam\userdata\1008287599\config\localconfig.vdf.async5904.tmp
Filesize
9KB

MD5
c65b876c3b33457e6b54698b52265191

SHA1
dbd4225a669cb4d84117d8d1307188908fbb9ed8

SHA256
b7a67d591b65c6599d1afed19a3e37c05a76b0f5269c100349bf6fd943b8d33c

SHA512
43cb4a06d7c45d061924df25d512581611d0573a758ddbea9e7f30cb2aa0acfbc757dea09c2dde1c97433c31a2bd3a1848db7d071ceae19c93477a55b2b7fdc9

Download Submit
C:\Program Files (x86)\Steam\userdata\1008287599\config\localconfig.vdf.async6020.tmp
Filesize
15KB

MD5
4a962dc2076f908ed7a64b765931d771

SHA1
6501bb10ceb650d9034f7a602b02b486c38ac034

SHA256
20d1b89cad5e9b9f14a87e963f56cedfddf4aea58598f6de6bc653e137ecfd5c

SHA512
ea7f93d65b656959119e3007cdc030bb19588db8a606dbadf4e5c7e208403b171e221fdddd0973a296e828cddde10d0eb6cc98882f1435e80cdf9fcb51ecd8f0

Download Submit
C:\Program Files (x86)\Steam\winhttp.dll
Filesize
89KB

MD5
b09400e86790cbb161e9eb50779d7c69

SHA1
07497ceba59a4da048a1dc3ee1106f7f8775433f

SHA256
078eb69629d8310e7f8a1e4e9f7cf4564041250d07250e628f2a2fca753018f4

SHA512
834276049ec33c0eed6fc2452fa5401cdfadcc95bc00de5ee019766d8da5f4d20b849c36ed5e40e04f91c23679d5f0ea55b7463be75be53faa4bb2a03b94f6fe

Download Submit
C:\Program Files\WinRAR\Uninstall.exe
Filesize
437KB

MD5
36297a3a577f3dcc095c11e5d76ede24

SHA1
ace587f83fb852d3cc9509386d7682f11235b797

SHA256
f7070f4bb071cd497bf3067291657a9a23aab1ca9d0ab3f94721ef13139ce11b

SHA512
f7a3937f9ffb5ebaac95bddc4163436decdd6512f33675e3709227a1a7762588a071143140ed6bb2a143b006931e5c8b49486647800f0de2e5c355e480f57631

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rohitab.com\API Monitor v2\API Monitor v2 (Alpha) 32-bit.lnk
Filesize
2KB

MD5
4fd50a7b82faa3845cd38b522917d925

SHA1
722931cfd648909d9b9f3ada31f75367d8bad027

SHA256
8a59ed4e6e1335a9a4c5f93faa4346e4cc4a130a2c2663826449ff95f486ec24

SHA512
e1ed2db397cc18dd80da90794c2afa616325cd67050f82287081b592fb57b82741c930c8ef2ebcf6b8573a2021259d0925f3f1278b65053efe1f2c8488dab10f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rohitab.com\API Monitor v2\API Monitor v2 (Alpha) 32-bit.lnk~RFe6c9d43.TMP
Filesize
2KB

MD5
c37b6d8f9ca16c9f6e186949defad8b8

SHA1
bf690e3cb237cbeea026e3c3d0343cd427a936c7

SHA256
700d71a7feba8887c0a32f6313b769cbfcdbd0e5793625b0a1e20adb68b1859a

SHA512
ae97767fd05bdb8839dcf95cf420688728ecf31eb261980b611f4feab3ce401a076ee3decea021b0ee54879577d3a27a8043cffa237349127a762cf80f6b76f2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rohitab.com\API Monitor v2\API Monitor v2 (Alpha) 64-bit.lnk
Filesize
2KB

MD5
81a2966c2d63dfb66feb0e888306f4a9

SHA1
b1d4509661493276ee229fbc83e4283e39c16d34

SHA256
47638471543f19ff33495d9b96d39d128287c084d0e59e106ec78dbd90379c59

SHA512
9f44f542656efbcc327b8998d913665079b92ad2449722ec24ff268508552aeb5130122a08c6b3715f2198f73023a55051adb368cfbfc624505c3ac454edcd66

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rohitab.com\API Monitor v2\API Monitor v2 (Alpha) 64-bit.lnk~RFe6c9d24.TMP
Filesize
2KB

MD5
1e7801c69aabd219bfdac2b8925d5f5c

SHA1
0a592e54ec80944ebbb1fb30bb1c8518774ca00f

SHA256
998fe2b5a96a1cce86fd1ecf4d8d5faba3b1a8e302cec152f243d8eb8caa8741

SHA512
111d6727dc0e9523f96bbd24eb1d602e17739c0a0cc2a1ff77f7ece65c964552c2876a7e3624f347bf7ce6ccf515f8f959db3d54af8f4e7cbdca8a1b1779eb74

Download Submit
C:\Users\Admin\AppData\Local\CEF\User Data\Dictionaries\en-US-9-0.bdic
Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
C:\Users\Admin\AppData\Local\Downloaded Installations\rohitab.com\API Monitor\{73FD7D14-A6B5-4BA7-B683-767EB61043AC}\API Monitor v2 (Alpha).msi
Filesize
6.9MB

MD5
b8a42167e4c1977f582ce5f570195179

SHA1
bb64631ded3867758ddf086acffee74caf741d02

SHA256
66cb0e3d4a90cc516a6c6fcf3f5b51bcbf2ef4503f9af3909a50a256108fb27e

SHA512
cdbfb2efbc39f6c265e1478f91dbb2882a4ded3f8a840d036c58081abb11c6ffead33b1061bf8558ea9e04bd03126f2fb0ec98aa814a0661047f7d375eedc15b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
Filesize
145KB

MD5
b20298352a31db6c6deaf688cfe0b2c4

SHA1
e3c80f6adc8d43f309023dfcbc54b5f8e571d18b

SHA256
a408c09abf1ead3400d22c6e36c1c4d1271d1b03112326c974abf99fc6a1fa6f

SHA512
a5ff95450a23daa766763a3c617a64370db250fdd6eff0e37f76edc141536ebcd747e615d582ce86d7c83ecb399bb79c7c514e15ca69ab12915f11ff276c7f3f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
Filesize
145KB

MD5
a024ccb591c01714be12f7f9e74fcbb0

SHA1
7a6042abb1161f65e1a7c5cf6f49f56ffd9fe62a

SHA256
6cb53243c42b02645b3b5f9ec3f82e5b661ecad61428c4f87346ef44e545f26f

SHA512
a378e7dc44cf5069226c60a1a15a56fd1dfdaa322c821e69a482e8779520b99ac1b57323909b8f4d207eee3a2f6367161aed35a6e720786f26e7dacf4c06687a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\1063
Filesize
20KB

MD5
4f8a7293cb5768d65a29534a53ebaf48

SHA1
e8472e559bf7457afd735a35d27e6ed9f9f363dd

SHA256
16256805a80dca3307018f5cc39f122494399ec8f3f71b618c1fa7099aa9f6bf

SHA512
375d5b0e8f08334c87bab31999a4626ad1d57ff6816e3c6eae34f603e0e744d8c97ab5304c9777a3d4ae13e4f4ce7f9b451dae6fbb8fa3f106947db28af2a7a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\11468
Filesize
14KB

MD5
578b32691eaebe6e3dc139cf5fc0ca72

SHA1
e008547291abd4cc2f87ca9a82ff7e33449900de

SHA256
d82eaf11c20cccd6f0123b134a15b6430ee9bd4cff1c9fd4b62c7cb308f02a7c

SHA512
70d8bd70485bf83207fb41678804b17749b5e5f39f7dd572c175e0510221d0dd462289eaa75cdf89976de303d639e2a8d2a75b2dd6523c0b8a2c869357fa637e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\12391
Filesize
9KB

MD5
d1bdb4dfc54d39944080c202ddaf636c

SHA1
b5055951b8d6d80392e95c7831fb3eeb6b7cdc50

SHA256
8571162e08a9e9410b76128d8e7fdbb1f79bcb1dbd209369bc89829b5a1d3cf1

SHA512
fdc5a626b70e3bbaff502ea4f882f0be9d8bdd2ec3fa1d73745e7f0b43413c6994324ee7aeac4d923ffea717de1c93aee6dbfae755ce8e3247a2ab93482f507b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\12606
Filesize
20KB

MD5
a766ab9a374710ce3873ebf63b3f5c0a

SHA1
3e6e2278159a8ab32de9ed4f67280ead24166622

SHA256
f93983a0e87f0035522e1f35b7607343e297bf79cc19ca33fb486e5032052333

SHA512
5086306fca7f707d9ffbc27553a1def07627c0cc68e096b82acb26396ad1e7d99736274ffc971921a6fb66c8889120341721d114e70acf83cb113edfe4237cfd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\12737
Filesize
14KB

MD5
6db5b5261ef944a51b4b4ac560aca118

SHA1
1c0a36ecb07b852e41defdeada87b77a35fce615

SHA256
78242ea1a4eede9808cb2172921a2618bc8f738996e019df8159717f6375d640

SHA512
51616436052524d25994367a44aedbf30d3b0967aa16bba8e6e2eb401122cee8095cf8ff0c77fe3d32c038a4a4250e76aa7e172d629d61f57cabad8531663b6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\13768
Filesize
9KB

MD5
12eba49ebc900cc1968664f6b1c7998a

SHA1
8aaae68637cf99895b80cb49719907ad880d287d

SHA256
aa637ba0a2d5ef6fc3c8b685d688148ec3badd1f90a8581baac61917fb585e09

SHA512
e4942f8133585f3ca99d877913b0b39f5f7c9eb24d7599f65ab2cbb0fb77c67d3691bdb807589eb3e58bbbc43737d64d15011d8503e2bed7c4287a6464b716d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\14629
Filesize
7KB

MD5
f8677f90ebbd3f493530da7ab2ca7f87

SHA1
35a0c66aa2a385210238f822f30e2dfff8a6afcb

SHA256
adbaf1253b6bb044846749b1affd5f794ef86dbcec6fd195ebb4915c0c8f7120

SHA512
c27a00407ec37c9a2088343de36adbb1eaecb35d811029fd851961ee46864cb71e75b947c2d12cbc17850e3b058282813e53d7dfea047e0099ba8606c8b028f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\14777
Filesize
14KB

MD5
a2055ec4ccc0c44e2d6dc5d49eec3fa7

SHA1
c2bd649f76eaf0691992c052f714a6870fffe225

SHA256
39f5f781e32c7210ff2dcc072d426f3af84941a70da43eba1108586896c82b38

SHA512
4a4cba20ea09ef12ef87122944a8a0e1c629bbae836d4a6b49af2d69fa683f6299b93fbb1ad87167b50b0d732490f544c10fd7627a1945885a4f9a64808dfaf0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\15032
Filesize
8KB

MD5
c28c0c56fb8af05523a00e82b3b3e934

SHA1
8d5602ad405788f8b0b9c796eba032ac0ec24e89

SHA256
1936c49cde5144c63505b643bf72f98410e706f0bbdf87ef6d1fbb603878818b

SHA512
ae56f9e91d8b324ac108bc8f77de80a7d28ef7130fda4161dc1f5ca8f2684ebb8ffff2467544dd768d2848bbbaf5562f6638534dfeb8f502646192a52b7b9fe3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\15441
Filesize
9KB

MD5
794c15629b928be8bfb38434b73dc554

SHA1
97cb2359f32f5ebbc2648d4c387b0a456ac85914

SHA256
983391b07bb2a7cfd4795e2e8c68827ee6863a4f50cb1e0d4a47eb2a419dbbb3

SHA512
57e06b7c1e384d75803b3550302f330aff7c7f7dd4dd2206cb9c9dc0cb1d87e985f46e87947b0d9ecdc8f15590ae995940134d2b2dd5bb818f8bdb0e040dbe56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\16329
Filesize
14KB

MD5
413bce142f5262854515fbc10c8aeddd

SHA1
ad017309ab4c0d90dd0c5164f383ac0143214d35

SHA256
cf54c8e4088bb3d1a462c4e401aedf36127e5ee053725a27adbdbef40e751b57

SHA512
eea9ee894f250cb87225bd926c95355c791fcfb122c98e4bd24da919118ae60b28d92c8dab06005be7536d9de5c47abe30f73296c7be4f7200f2e46ff2e33469

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\16989
Filesize
9KB

MD5
0d38df86f0dc7563e452640f80972fbe

SHA1
d1e803764de4666f0a73ecfb5348a0d996b49255

SHA256
1d37665cfb49701f7644a39b47e542dac5a84eedbc2b5aead0df97ec07a6d09d

SHA512
f7d0fc148552d8a35625b39c76510e2f04c08bc96f268d12d13e4c4719a6af8eb8f0086233a2ba10f5549a222380b4e90c5a93ee032660499d4a13a579ce6d08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\17380
Filesize
16KB

MD5
409f0744957f335aa867666f2c59735d

SHA1
7d8f83fa1f6b3ea8342088fa3db7b34653c11a71

SHA256
fbd7821fd2a9125213cb81a81e3c877ed479fb5df27a727c3743452c8c0d1e3d

SHA512
c61766ab1f70e59fb1f1a5edcab049547907d3bd4bc2bc7b05ef2e8ec25f2befe809728526fe4bb1e3d76bcecb1869acb7d5eb4b77cb80fd245cf89afc455131

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\17984
Filesize
9KB

MD5
5b58f74301a5931418fb9e7e8a544646

SHA1
27ae369bbfcfa6b3137a6153addbdd308ac2272d

SHA256
75c8b786281bb575f9aaa03afeefd14a8ddfd956aac1d7ab20754003c8554b02

SHA512
69064c33a209cdec0410bb6f98a68c5fbeafa4f7969111a73a85b0ce21a1308152bbb9d787c20e15a0499a7ba47e47f85251c3b191e6b89d27373febc41e0759

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\18323
Filesize
8KB

MD5
51d90c6c932bba32e666c2783341adc5

SHA1
3c94c7290024c1c03fdf6a847d8e5d8b526b4c17

SHA256
29197776346dfc8308c6ba40816c2110bdf0b94a6864122e2fb5aab171538eec

SHA512
e62917ec4a40898f612c3845a1ecdadff2296419e6fdfd14b888ecf03de6698a3e4889e1012e6db6ea5595e60097feef8a0881e9211bbf358e036e049ba48fe0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\18764
Filesize
8KB

MD5
e844b8bd72d25fbd2317d5d657135bbc

SHA1
2fa198507d30c794f402667ae69cbb4c48c9032f

SHA256
3343323df86d9e238cfc84f7a307a3452d4a03815ce5392211f158021a1af54b

SHA512
e0932770d085b6b98b8c5c673fc6f8d7050948b5cecb11ee6637c4d0fc44b24c912e7a97ca10c9c77b3b328cb4a08b59f7c1bffe9df07cb3a866d7e5953d96c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\21128
Filesize
9KB

MD5
ec9b28ffba3acfbd3f97527bd93e0a37

SHA1
6c53ee932d88309d4ede610ec98fceabe7abd426

SHA256
1810a62bd746946d32e5d12be411ef0b1eaa1634de32a0ad4dafd18e281484db

SHA512
fc8f4e984b9f9804064292dc9ea01505df467540d08278bde6429439bc47dedec27af50e7f373660c82f3e21d655b27f5572fbc00ce242b36862a7ab72c9800f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\22668
Filesize
15KB

MD5
c66c097330e4c80f59b4da8969ec3d2b

SHA1
695b9f3ee6fb0594bc5af25fb24dac0e9a2ed181

SHA256
ccdcb9067a62d0dcfaf73ee89f7dc2f0eb932d19089cb6de60fc08236f155ea6

SHA512
a3494127260bbbf19dfa0a6ef42ab653eb09371c592ad3a67126fd9baabc434c9b2fa24dc6c85483e614594de47c4f1d76f0925338383abb178c2436a5386334

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\22743
Filesize
10KB

MD5
e6f9fb34c8c53da76a64581bf9462cfd

SHA1
fbdba46a20089ce4fe0d615a07e9bf5f2f690fec

SHA256
94e28c478e9e1f1044b9aad0ebadd77ec48b8d49a71cba7066929f77c13be996

SHA512
94a541003d1225fa288dfafbf9a69c8ea6377c9386c704251415f4574f0cd280524ac253730954ea4e06846db0c2fc2e24b20e4b31366115e3296bcbcde3eb71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\23021
Filesize
14KB

MD5
0eb11f6aca26d36b14d628f854330e23

SHA1
29969b3a601582ce4dd5365a944af3303a56b0f8

SHA256
418a0a20b8e8f57485e98c2229db7a18f47bdc2723a5f293b9c45ca098d6c121

SHA512
bd32671c10ed78359367bd61930b8dce1b3325d293762aa6a84ad957495e9c6a8c61c0f30028d2ac78a99acda82b5710565558366ad0647df3f27e4757162f3b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\23790
Filesize
16KB

MD5
e455271ae428397f4b7660e1f3bf1a00

SHA1
381982ec5dcf6fb5bc2530c10a923c9d74b2677e

SHA256
2bbbf9b0fcc176c811306c37310a25853f7bf721f6a1d25d7946e1b17f76a9a0

SHA512
2a543b9f7b43bad596f8916919969e328b860b87725d9cd78f2a1dae8ba7f05c6e6cc9a44d3e990d63c568f2a5c6b16b71c498a763fe28687cbbe13abbf15aea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\23954
Filesize
12KB

MD5
4e3b7dd0beb226dc87e0f2285be55e7d

SHA1
d16997d0a17d9177aa7d9cace6b9e8692cb6d90f

SHA256
657537b4e95e956ad480d5cd902c41671e70dc544ac1e9413879836325f3247d

SHA512
e6e79f556fa5a2cde6343b8378b4e0d442f53d6f115dcaca109191a9a025dc0796313e65778294b3c5b94fc40830678f293e895a5f2ba150e3bde4737eaecd7b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\24051
Filesize
7KB

MD5
431400a47a1068baab0b26f6cc54be93

SHA1
e9a409b3321aeb1647d142cd05548a4b5de0f35f

SHA256
567ca8ee1bcffd808c744368cd2ef9f046171e19aff632d470a4c87f5000b680

SHA512
de5d203f94c0b9e1e44d5dc8a3d1f44277ec5a2e465671d33804b161fff9c95c5b65622a23be000bab9425a6ea1606b72173639a2505ea01e5d9277dd4e0dd61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\24789
Filesize
9KB

MD5
7c94459f427a6e82ffe6feaf93547d6a

SHA1
a29a5861545c73a0b95d861bbdda5ee131fe7af6

SHA256
85c19f068680ab6370d76ef69752cfd4a7a43815d7b8afcf37c6851971600612

SHA512
c171a2ecd353739df5e2544d529d8e19d77d3755cd6023ee8f595f43fda5addc6c11d6bfb7a4e2401e612be0feb8caeab178fadcb6874a1d2b75efc87ec2c65e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\26846
Filesize
9KB

MD5
d745f2c7a18f40fe4e0d93db53b199e8

SHA1
79be62d95aa2030a5cac25b93afd4df078f7b900

SHA256
694310faca57c32543f926f308ec52f3983d2a96a567b1a47c027027b739a256

SHA512
589750d4dda698843278530677207e9140c949541bd8c4ee9f87cc317989e259dd1c261feb4841271c4bb010c821cceb12da4e6a0069d4702dd278fd16b8deed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\26929
Filesize
14KB

MD5
722156d1c97e0c232b1e5c473076f6cc

SHA1
db4c753a5b2736190a071a31a2b5f0a40066c589

SHA256
9f6299e45687416529054fbc35af811a38189c62296122a8c83fa81bd1b4c444

SHA512
6eddad5ddae2fcaf2af00f7a985bd2ba9851312b1d64963eb335beed50168f35cd29684fdd7293cc50c1a6664a67fc4b44fcb3d7cf4a708e84204dd82c7effcc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\27694
Filesize
9KB

MD5
e5c5dae89f8bbb1550ac1b1bea88e82c

SHA1
f4698ba53e4d2ff9189e4d26adbdb75aef93fda4

SHA256
aedf282e5fa7ad176cbd822db5cd16e651fd456eb444f03795e5b144238715fd

SHA512
7ab7731fb0caf55200c63a4f194dc1ebf718c741836f3a982a43b3e75b75851e60f52d2607cc1137bb229ceac3dd196c8b0102b3536d851451ef912b3791f196

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\32257
Filesize
9KB

MD5
a931d9c01fd022d56cec423764f3061a

SHA1
f3c5cf9ecaacf3bacf0d17fbd3ab8256995c9c77

SHA256
2e6bcb678812a12801135a9a281331da6e7e37d3118644b9fdf63846ee336b69

SHA512
3beb7c5e4ca93d3cc69db02f0ea867205cd30825add62215d7086a714bccdf9cce59fd6523ae0bd3fd4e1c116e253f30c9868a8bb98e568e2608e31380e29ca1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\32441
Filesize
14KB

MD5
7011e6713a55eb544b37c7c03142b756

SHA1
e48c6d428f1ed904e43dd28c34f1ab61beb744f1

SHA256
f6a840849d9d5792023d4256ee827a8a99595c0945d4a3f6ed2f306f2c2d740f

SHA512
8ba5dc6836e162a41ec8f6d3f9f2c17ca3ebceede02bde4598ef53247389075a23aedc34cb7bd2c2937abe8c690ccf2cdcf8956c679ea7f6c5d8229480d8507b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\32465
Filesize
10KB

MD5
f7eb0ca0ce0f6d52172a2cc58a75c65b

SHA1
944dabbd312ff752fb04003ab75ddfc4e9f8b26c

SHA256
97b9c7a6bab8ffa339185db0a856137c885dea7f27db12cec221930179d66930

SHA512
3ceedb8f29ef030bf08b7ec682f88180648c4340fb302149470945f94ae493ee1a29e72726e6c9df4d49ffef33277126856e119b886babe003969d93c1cae10e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\4662
Filesize
14KB

MD5
b729b16a028f2d9a60de0e73c04196c5

SHA1
88882a125143f38a373f20320f6a9e1bc253a622

SHA256
e4489c7cbc5761cda8db37a34d3987f452f8fda3f7f70cee5824c914d075723a

SHA512
6551c157f5302d262c129a79d0c0b3dfcbdb735b56d7adbc13880e4b0a426c89a88b683b0061cd9c05ce182d81c1c8cbfee6541cb2a04419633c89d5d6668868

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\5756
Filesize
14KB

MD5
f68036f8f471a10e641b1585177cc774

SHA1
5da652cc9393c1f2e7dda81f48e154a29d93ce5c

SHA256
f1cad12353a88b5ec18de746c6b324b609f4ce22e275c1a636fdd89ccefdca60

SHA512
1b84fefcade27a3a57f8df75c743a88ad5723ed26b846486a20bd2f0866384785443f4aa2322bfdd99efec023b569cde939b1c6cde27673cbb357ca1b5a8ce2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\7813
Filesize
14KB

MD5
3072dcadd202892dd4df9bb847efca26

SHA1
15b0013c9f2f5d55d1961b8924f167f2ddaba448

SHA256
05a27aafc8516a32a501ebb050568b0e4b8e2634eabb63d6f0c4a2888eba140d

SHA512
ffb3aa7b8ef2b0506c2ac20cff45d6dedb930dc903811b8a0e63b0633979325179815bb6427a766da497d0a6048a005216bba9a81af6b0de32244b6a19f6c8a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\7985
Filesize
7KB

MD5
c9d88eba6e0b85e47c2b58f998bea061

SHA1
a472715dea0d14ba41559ebc58c1149feb909b9f

SHA256
1c5feb55b6b267581dd6b6f7e27546f0278f03ba2d19859f88f86bcce7ba902e

SHA512
4320d2895c4bfe696f322813d67696eeb57265cde79ab3cae54d1a50e5d13ba96972358a6cd58f6b24e8c4d27ee1ec2a5335604489631084279fd65f75f78049

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\8105
Filesize
9KB

MD5
21ac0cfa611384755a4abe608dfd5725

SHA1
ab2f7fc3998665fa6a9cd536da2be3cd4ac2cb9a

SHA256
474201f99a9a6cb1f6f5788c421cfa4f16e2838b0f2e75314f63ab7c3e8ee205

SHA512
1f0045706a688c8ffd040fef7049c2d19d967be56becff55d58a5ad3d5f7d5263cba3c78c006a282c050e367f44a661da48a4a1e8a01b025bfac7188f165325e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\8561
Filesize
12KB

MD5
450d0884e4798064985b18c8f34760a2

SHA1
29a909a4d803b669719d509109ad9483c7a0bd1a

SHA256
b1f5d1fbf261d7f5a8c410afde707064612f14906df1e5ed1222903450f59229

SHA512
767486898604a9a46e0c25111333594bb7dc9f81a8a4af4f45cebfe2312871a39ae12f42e99517f6de62e4467b8608a9d8644c198555748f211ad2901e07fb1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\9959
Filesize
9KB

MD5
b267c6d9de4eada09de050d154ee294f

SHA1
6f9589e9d19b4b11d66c633c744917be56b1bdf8

SHA256
ac9a63aa96b50c3f110c29364cb09571c979d416f714d6d9e1bbd451f11e7002

SHA512
bdb0e0f0ed39f7f838214ce726dc0b93357e1660652337d647048b82f83eb5c72ff708295ddebd8b373525fa7faa4fb820d26fb209cd2dd502c7a6bcafee71a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\02867E57EE78F256668A615B3AD7ABE9528E24DC
Filesize
3.7MB

MD5
9c8315103fb40c0f32e65660cf5ceb75

SHA1
46af090939dd4a8b67e5a3d0d2ad672d2c6b3990

SHA256
9a9ced5b4b839d1dc6bc9746299a224e43f1a9749664893ef7890384962ab47f

SHA512
2d4f6ac2a1482586010af345b23775d5acc74d2a0ca2f7a4ea0753d6b04826a911f9a60b47bce21ed624cedc3e78172550dc362a7833d75536667ede42e0f16b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\0EE0EEB9430DF2BAE797FEA84315A20DC5F604FB
Filesize
101KB

MD5
820893dbfc502d57adb5d383bb2ee8f8

SHA1
07489e30b44095be3d76d3019a8d37c4fe0f4183

SHA256
60928ab6ff4e0ab729fefddf629398f256372cc8a6e786b9bd5307ddb15cf703

SHA512
f1b50a46d7c8f3de223c98c3e8ad423dc4834d0635509a6ac885535d9ddb28ff7640ae88a14bfd296f822981ac700cd53770d03dfe84b1e1f41bc0cd54b7162f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\10D90294910D23CF87ECB37137CCC3AC6F979406
Filesize
101KB

MD5
5a64e6c77ebd33e7b52a729a5ffedb6c

SHA1
00545f40915c1580e2d0e68f457192460f0e1971

SHA256
cc63c34ddc82179363c6ef0a5ac426eea50b3e27b181fd1834799d39267b084b

SHA512
a991566970f5495c9a3d5f26dc094e25611d0277b85c177bf38c68a94af6734309072831606f92fcea8107fd05a665d9d1653da3defbc0b61b8049c1847fc6d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\1F579B6AA9F780BEA2AF0B913555E0442A98A898
Filesize
281KB

MD5
603edb443802e1b7bacd7af0115a0336

SHA1
1e039d841d25a22ccb1ad6f9b5ff5f238f1ca41f

SHA256
11ee08c400a5bb63a5ccd45a9145782df1b37d31f95f579987588c90ba66e7a5

SHA512
5b5bfebef0a238190cbca980a3b814a6d47606df31da56afbea8cfc1ce2d593a479fe0f7ddec048d5d9c49fd1d4e48c4072ea74e991aa212f50364081d379758

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\202B6DD3AEA22171F941466E5C0D23C87B7741BC
Filesize
44KB

MD5
ee11f92f0145c9b0a2df837d2661e8bc

SHA1
6185bd79f14796d9684c88da47015a6b4c3c7007

SHA256
750caa37b9df2552b6f3857163e3089e58772733c6358ec9b46a0a499552cd43

SHA512
7f90f80a64bc9401b4933e7f5a428851b9a82ad4b4850c414d727eadb168961d18d177f6f5c0df10abb8b79263dad06b864d945ef62479cea4109e663d3f0754

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\3688F6A6CD7E95717EB5289508AC20AC8928FC30
Filesize
3.0MB

MD5
85a21187e651766f3ac74e3691f34e1a

SHA1
366a11a6456f02aef6ea802a804e235f1e67de80

SHA256
afd7565a195e25e7c013ce06feec4815e2fd9f238b7fca1c11c79417349b0e43

SHA512
0dbcf912a936d4c41579be00c4ecfb70c19808ccc44a5818be8f98f43d5984a82d8798cc32756d6f06578901e94e25de995571c8987b6e316717cbfc169f7c9e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\4231F1B64AB101478CBA1A6631314EA3FAF05AF6
Filesize
1.1MB

MD5
880501a5befa277e4ec418916232a874

SHA1
87f5dea1d287cc0b4618fbbe36fc7b0433544bec

SHA256
aaa3df590b64f912c1bbb0b5b0c800782fecf8ff2851f7b5f9a746e11991f439

SHA512
5a17264ed6e0d2538e9c2c004cd61ff05606dc25fabe3498f6c997adc6a2e9c57afe33997a7be008434333d046400c4137999d51a7d8b25b027712f3b8482ebd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\45B175656F39A9D2B3837ACAF71417318FE35B7F
Filesize
74KB

MD5
c579b935a142191f592acf026864c8ba

SHA1
7af4ace0bd703c0b056c3182f47172f99bdd2c1c

SHA256
a67da2b5c2d56f58a22618f61fd081ec223594f2a3bec7f35efb656826d768e9

SHA512
e17f38d9eda1b55d230fc54271a83672af2a526c4e643631c851009783cc261f1d894ab39a347f9a04dffc180f562e82302029f123e4b5ad53eed479d51082f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\501C4FC99F591F49F1795709C24D53DB0E3FF2CB
Filesize
95KB

MD5
46cb35fa2ca0d6e8b5b886fbf6ac45ce

SHA1
4af8f0149447fe7fb54f0d3be799bcef5cd5aed7

SHA256
165b162d50e8d368c9650c7bf2ff13990b5599cdb979105e74e07cf7b3e99a26

SHA512
3b54315f2cfdb8c417775419dc3b22a81061596b224bff4b37cf4f98542707d594fdefe8464d4e4c144487c6dd9e6d314dea9b701b64cbbb80caf706ed402c5c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\58D46C4012E4AD3623A4EA72BB3C1CDD25B3FF87
Filesize
14KB

MD5
f587df43d3b10a6a44ea8185060b408a

SHA1
1f624d0ad8d416e007104c29800cc65fc3e8778a

SHA256
9a7e2bc5b41973987af26622df9f23bbda3f651663d3fa49b75d7b77a09f7621

SHA512
716ef2a23e57851049d7f9e849099be415bf08ef8c5693d9173a5df30aa325fe2c8f24308e09867d89f20e2eb2a46b717f3efe0a22ab876282068da93b08c388

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\59B504CAA36ECEFA6753FA76A7270BBE76BE054B
Filesize
159KB

MD5
251bc5c22f74e3d9fa629ebd6462d6d1

SHA1
c7e17b257af43f728543935c614d0be538d4eb35

SHA256
b8a90eaa8f8b42cd3af916be0ca50badd8490818481f25dcf9953a9b7bd8a742

SHA512
e68317a446a72bd7ff6186d61a38700847943d09849abc681aaa80c56f5c56c1dfb7a00b07a3d8658a59b9b1ee6f302d6212faa0cf5e76f3cc5a16f86fef80f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\63A72944F3171CE3FFFFED69F911817CDAE36406
Filesize
100KB

MD5
8ded84113ad1ed0e62be9c1c3e92642d

SHA1
cd6325ceec9a777d618ec51ea3f551979b181508

SHA256
974fec353beddc1051cef71ad952364cfd9b02275cd24f4cc919fdba00b91ac0

SHA512
93d395452b7b18b69094f8b450245e97da27b9d20f1a7a22a79ad9ab83eacffae542bc3b0cbcddcbcd8a53194060d0405ffec4baededfb1ee99d2c1313b48ab3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\6BD064076FC54E70A3D6BAA5D9F321D9E3B4E372
Filesize
423KB

MD5
be3e70c37c3ac3c9d0030b7df869e82a

SHA1
46bb9fb0e062865fc140130a7fa71752674925dc

SHA256
c6070c10d8c706fa6051c8ce3e51fb2dda9845734dc37a6ce680815b064deeb2

SHA512
d009cedf37ac358084ba5e6c2c2fec3f0c0112532136f63178eb0557e89d154e5df89b3a28063d841232ce998bf725b0a7418c52d0eb20fc1d98384bf11c2a79

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\6E1895B33D5F91F34072ECC4DEA16128B135F807
Filesize
898KB

MD5
b69d07fda3c860de12fb66241c5027cc

SHA1
d4499862359c98a0faf59a3cd9344204c38a66d9

SHA256
558814e8ec68cdf830e948801ffc6ad30354c6ad2873be28b136d8a1647fbeab

SHA512
f51da8f2efe23ff08466e2d2f900a98147759b2d676573df4a7ee7bbfd7b27e42af9d09b711ee4e8c7ac9bac152de83667357ee599c80cb17770bd87c61a5a3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\71D465A57D0D68E0FFE2326839D79CCBBAAFE43F
Filesize
29KB

MD5
e89b86985668f45452cd31d21ef26d45

SHA1
cdce24aff411200d1c6c4dacb307942a23ee7dd4

SHA256
548c5ea9b85cfb39b9274cd7dcb86119e2d173509781f47fa350f587ac1fd0f8

SHA512
71fabca66dbebef397db9523de7a98277a663e430c4cbb520f01cab9bd11d2cdf4896ff49584f34a1ae4f253f86efc1c4b13deba4c9df167ecc6d128de787227

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\766C473FF403B489979EFFCCC2A8571F097337E7
Filesize
1.1MB

MD5
961aa578b927d81ca57e594c2fe86bec

SHA1
43fd4c7a020a04127bec399242858b91f880d71f

SHA256
4001f6b683061e1bcd3c6081edab1eefaff6cb182d71ac1ca54d38b278f28e43

SHA512
d8427a29dc8659035c57f8025ee9e6751fa221b34e14bccc20af6688604c0eb5d1a648b69314e36d915ca0d99ff876756cb297dc20f6ca57e3bf655c5bc2d6e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\7ACD2999A72F1B5BD25B72A4E97B10D63009E0CA
Filesize
148KB

MD5
a6f03377d633fbb74d3c79f2bd7f889b

SHA1
c294259a5b73170c11b1500e477b2fc9b1c32c36

SHA256
01d88905ede642d62dcf6182df2fdd6d372df3efda22f886460a20ae1df231bd

SHA512
749a28512d98a526b91f8e76661b7708f73e13ec4b116debf069010427ca25befbca6e197eb205c6af21033c8a23390a71e4314dae44fefb6fa094d0e125f159

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\7ADDDCF59F9AC19738498AB785B9DA22607A36A5
Filesize
53KB

MD5
ed40ad05fc8bb871750fa8b6591daa4d

SHA1
e3551193997225a987e0f1dae9609d1b0eab6744

SHA256
a128bb48048f2958f61987453f1696c823eabaed8c67f1201786850728108496

SHA512
35a9711c91d110d9b2c8a01b5675cb1a0ad46ce8558ab815033f19d6e702f7b65c9c97859ec348da26394fd35d72056a5030d0a21ade2888f24701870f0ea8fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\83694C4B0C983BDAFFBCCD945F9254E4CA2AF6FA
Filesize
47KB

MD5
72a09373737f7746dcc754b31ee6232e

SHA1
a9a2069fb1a99e960b5c93758d89333320651c3d

SHA256
b4132468eaa44c898f7de922a1c0792da121930e728dc6c93f90bf089b732644

SHA512
05bab8d8f6e7ac7d1f71738496d1f49a143a42987d182ee57df8aba507255eb0435912544d9ca8086308cfc938b70144125dac720af476a8b3c17ce088875ee3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\85AA09749BA677B76E86E00818593D146C5F5965
Filesize
111KB

MD5
f835797eca310581c0c0d65dc2eb9ac5

SHA1
93644e0aae925db6a130dd02cb700d2c5162591e

SHA256
928501d43e405abc576130c197c14653f4a3b4cd18910ea3d35349cc6ce75c52

SHA512
754069a5ec618bc7a5f009373616d8856f0fc37644b5c4af17d2404af234a82bea0799708e49f47570bad9dab6a3b5f0d4cdd9fee087e2703b43604acdb2d939

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\93C73B3D91E396885115B9D2E1BA5CD360BFBA92
Filesize
134KB

MD5
b632685153a6af3b689ef2aa0f5bbe8a

SHA1
259108bdfbf2a51f1c4929a7f6ef2fc3f671aa31

SHA256
2ccad78074e5d69cfee5fbb0f2ce477c101af537168658ccaecce239274cdc4a

SHA512
2d26c56c18c71f5cb82ab917752ff87607c1626b3f94c891fcc15e0eec96411350e339192c797423408e284a672e41e0901e03dbf311fd955484c287920b8fe0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\9835AEE8BF8B1EFB5F9B5DF277FFE6BBA35F480F
Filesize
18KB

MD5
f4ba4f84c53e3ba466e9d49f8e27203b

SHA1
c7aaa963b4c3b5490a5290512f90f4a852f50412

SHA256
74856f2daa9307048d5a7692ef1f8e1e7e7ce638f45224e3b6e5755ce615bc61

SHA512
53ae2e85db1622606247eb8b6e9f40c7265a21edbca2ffb2ff47e27213efb62b68e93933d62ab4912dec29ff8cc4ea0cacffca9b45bd2759a66645ed46ca926f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\99ADC5C94BB8BCF3D0F5467784D370A363D812F4
Filesize
248KB

MD5
f8238efd0e8b30e17f20d21d5a62fbf7

SHA1
c147d838386fac70a2894ac12beb46be0d2927ba

SHA256
c44b2f473cf9f07ab54c10cde3edc9216a740fbac47c96b5147c37ecf76d4cf9

SHA512
0fb328c3327e1189227454f1e78c37bd676cc6f3f41ea667c3218e01475c81273f5b663a5135c4af9e80fd514319aea385eb8563a8165c990261faa7455b2c26

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B
Filesize
24KB

MD5
f9dfa67ddb180b77446a908747f0c236

SHA1
59fde2798367fdf4f7584826d1a88e3cad7a33c5

SHA256
c0417ef90fd711145606a1a375c3fdebb22e01aae3704a5526cf78b818050ef0

SHA512
ce3c62592400493a8e1aee0ff4c106edeaece25f272368edfe416251472845d93867c02d304cc102431449cbdd4d3bdddcbcd084972b7ae321ecc713fd0d09e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8
Filesize
24KB

MD5
4aceaf0385bac8870ac19b6fbc4e5436

SHA1
645aca0f330235d260c83ae0373dd1dd826128fb

SHA256
87d82736a897e5c03e9c6899e11f0a36cae41601f1c8003ba811e37f953c4b59

SHA512
84310b9bc94619639a5acc83569cfcaa3e56a304581c377ec85c9f49bf647416f40aef900d7d6a301c475eaa4ec57b131ec87348e737f11003cb1d891a3adbac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\AB4CFAAE86B97045B9D17BB8A054AE3E079CC4B9
Filesize
346KB

MD5
74c4ae0b1ae3510bdfda92eecc9d2479

SHA1
bb25da56ce6e0c62bac1337e0d19b2447b475b06

SHA256
fa68f7a3f8eacc8ed76f05beedd5350272623e0e826cc2de8e46147303b17448

SHA512
65f37b50bf3c54038c6c3a4af6df660592135c7ab365e96d2fc711c5e182c3b85cc5735c961160ca650e52631b6b95598a3905503035365ce5421b2cc57e7f37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\B6CC53B0972D295D54F95FA82A5838EC5616B026
Filesize
322KB

MD5
145e17c5c231d670a73152ee28f763c8

SHA1
d5fba63c4530c0d9ea699f347c9768f86f53a0e6

SHA256
8155543105a5c4fcc699aa838f828870caeed5b95f0bf4519b6981b6f55102cd

SHA512
d0bc8d29e6f20dc1a9a621fd50b85d2a15582e969e38896ab53b28e5135770d5fc246f596f41ead16f6cbfcbbdcdedb113c86d2c0b1e9273a8310c926f4b0cbd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\B81F84622A8CFC45DB47E23F987D96120CD34A4A
Filesize
322KB

MD5
a0fc718f478a8f0d71744259608f3c55

SHA1
a0d76bbd04cd5c10fbcc2e5e0c39cca3f4b6e480

SHA256
189cb0a0abde524c80e59dc0fed2a619b691217e535d034aed40ffcb00b4ab8c

SHA512
4c871f0f8d98fa739cf2a795e5821f8efc6f4b641e891dfd9b46691e5b2b39164eb54545d72cfdfe474f86077a4a44661c1e7581b8afa7f6c12fcf39911865e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\D26B3E7F2F0DB73957EA23765D05C8953CDB775D
Filesize
175KB

MD5
5d8301ff6b0af3f6426f9bb8bcf87216

SHA1
7e9b71a5e2defb7258ea66efe97f8ce4288b9d11

SHA256
52081cfa81ac871e815dd0ca6b544698708909f255945a983abc4e79d141dd4d

SHA512
7669af34defbde1fd53bd744835aba6c4d13b24079e0db646dee31b58a656d69a607464604853c84759de2410d487b58613e24a408862d6f83e4dd5991901086

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\DACB1AD3134D5FADB7BDE0AD7B870E24BFEBAB82
Filesize
118KB

MD5
e23a055f6e75494310d5bcef7cddf5c0

SHA1
04b3f52d740a4e37cb7d07d521882170ed145745

SHA256
bfa59e0b1a78ba6e3a8db39a7ae167e2a5d9126f4c12ca8d9f7287066086cb34

SHA512
bfb1f27bac52c2a6b5ea2dda6ecadcc90f10b29610b11d112da34713e31013a5ff18e82842ca9f963bf6e4bc08054b459d0ac2cf203c15eb8b93334e23682ee7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\DBE0F386593EE892468A708FA166480F612962AB
Filesize
364KB

MD5
c210ce1a36a13b6048884e70e5dad97b

SHA1
e38678ff6ee03e275b921f4d3db9297d62a020ac

SHA256
fce7a1e6207f433c2bc906aeeaa3a0f9d9e77eb8b346eaac5570e3bd4c619117

SHA512
af5d710e067282980d9cf7fdef8de98d1ea02d5e6fc74162729966db73e3b6aab38d078b9d0e464de615156da72feeca211776067fff9d27580c27f3fcb5d4ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\E2195B15E085550C47C77CCD6B686DD370076298
Filesize
67KB

MD5
e4fa6e88388658084ecda003407de726

SHA1
3baa072f97a00cf26ce6f7ab09d9790b58f5e197

SHA256
bd7df8948ee90fdbe97fb9ddf8e0987222aa0a6f6e0a90bf7ac786c3a9c0ba6b

SHA512
bef98d3d37110a8b8f9a24cbfd306e3ef3c73ae6eb2a2a7d3278a2cc4ed2212ea8a06998a2a4db7fa8898175f24c0b4cfb23916c1378f404b3442c306a3fc73a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\E9E8B02B67A171FB28ADD328DB91E7741763C89B
Filesize
68KB

MD5
86590abc5d174a8bf7dfe8289373ef69

SHA1
24dc4608d0313e0effc5f64ec8c46a5179b18fc9

SHA256
21f908bb1af5ba8c8216bd9c91110d31c797e072dd6611dafa59acb21a6bcb5b

SHA512
ff65d3d09c9dca0dcac7b6ae4f3bb0ae53d679f060c959de5a9df5ab314b74d344a074d2e6f9e33b6887af1c449c75d6a84790a537c050def31bafd43dad67f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\EB8FE3163EC63A6325BE66CBD14774354E29278E
Filesize
520KB

MD5
44e6d742edbaab779a3600dd639c94a4

SHA1
d962c5b28def81f95331e697eed3fd5b64f1ad4c

SHA256
96d354a8ed407fc5ad6748f5a25eb735d200de1e449b1e594ac1604c191b00de

SHA512
c636ce5b6ab1b113c73b54257edf03a02a6498f3c0a57020215618c71fa748c358c66fbacc8d024e34d9c89d8875defe6dbd6e7397ec50f39e06584ab3cfb708

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\F1024191799870B12785EC8CF95ED4019EE3FD36
Filesize
346KB

MD5
8b68e0394791a0262da2604397239b21

SHA1
a1fba1fb25748b785ef0146770f08661df5deaf4

SHA256
90c36bef429f456aa0b9eb62411d3118474520270e309ed721e0dc5944d9bc70

SHA512
ddf346771e9915c28efbd1b3f49bacb5cefc1fa5be8b8b30d9487f3e23f61b3f9edf84675c0dc3c0a5d1163cce2792b7a3491f0348c12c4809044281e7c5dc18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\F512704D191BD487F4DD51E349AB5B469E7D80A1
Filesize
925KB

MD5
a53cfd6ec16312556f0f9970fbf34c4f

SHA1
4a83e8d2721064611a6f44b2735704642bd0925d

SHA256
bb7e9f0572798807a8a405627d921e0ac0af8cbc096370429e53a6aae06f82da

SHA512
d839230b47136f6401a5650acde0ce1ea473394c21da8ac98211f8cff5d1bce6e28ceee3d2f0aa7b4889aee0e1fed207b5f401cb443a5ac99cfbbe3f44ca8dac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F
Filesize
30KB

MD5
58681d253a50cfea2851e2a4e7f671b0

SHA1
bb1135505b9ce857e8498124f1dc684545f93d0d

SHA256
8c45586843e564d2e17ea244373a67085d70f3710d006312047524d39d8e6f9e

SHA512
f6676738ab0c4336e6a8c815cdfbf0aad6841413d9b391d1cf7c045b5f69209f8c30cfc10dca30387838caaa0f7a9e2455a2a8e40fb2e5d21f9bc7c29e2939dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\FC0959EC89CC4309675052BC439D6B087ACAF778
Filesize
416KB

MD5
1efc1d75e0967368d6e401096fdd7f11

SHA1
ab458478b105db6647adafb69e541b5738fdf5b1

SHA256
7aff5f123d9fdbc87d19650da2116aee1149a8dff08ebfcd189affe15313fc5b

SHA512
0a9247b8350c1b6adf7d37de29df6d4e8e84a6ae06605a29a3fd64572ce5cc2fcd9c6321b1978039d7e5b73be1d1e801572cf0dbfbbfc8f2abcac4eac5453915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\jumpListCache\44I1JoqZ_sAIb_7focVrew==.ico
Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\safebrowsing-updating\ads-track-digest256-1.vlpset
Filesize
54KB

MD5
4f9ef3d3a71d4cb49e623e3f4b7b1162

SHA1
c2d65973b44b051d043475e9387fa7100514acbd

SHA256
48ae004f3c542ac764dd5a1e894918ec4b250b5c1f7209256c191cae13106b1f

SHA512
f7017204ad37ceedbff4e8b58ab4edac75748d2f36693e59ea9d9157f637d29b53c6405d994ac9fc62712f2574013e95c4817ff49229c78dcc23cac805b13ed7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\safebrowsing-updating\ads-track-digest256.sbstore
Filesize
1KB

MD5
13c5c1e4d58e3694584ec0a8bd75e70e

SHA1
d20aa246e73751b67bcb4e15b88356489a62360e

SHA256
b7cb2651fed74e639191f187a1b095063f9e4c25a412141311fc169e016d61e7

SHA512
c1981645ed0bb92234e3cd35055c69fa595aa692c43fc1e83a8bc0c6d94996725f53dac9c91842c68fae0f4137bff3cff34eddadc35c5f0ce5e59e3250e81f1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\safebrowsing-updating\content-track-digest256.sbstore
Filesize
735B

MD5
6c0ddfa4aefe6586b8a70e9e9a109ccc

SHA1
b6f27dd7efef7deec55b0a75368b39fc9fb95926

SHA256
a9cb5ebd95c2d42e45a2afbb078c056db73540da54a8c18b50432eda1708d10a

SHA512
1314256c66afb58b77e79f159f969e95f73b98b84f5ed443ebab0351a21d00cdabeb8629473db3365be2e68a23c6c6806003004d1b71e3b2dae77af5ab75cd4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\safebrowsing-updating\content-track-digest256.vlpset
Filesize
15KB

MD5
4feabd410f1b44c8ea4588c7446d4b69

SHA1
cf843a53041152387eb10a480279c5c05823d72b

SHA256
1fbc5d48484f5bc007ebfa52c62f4c5a341a3a7f30d570ecb74e339c4ea0d80d

SHA512
b3a7028e582f0ad61fa6ba94a325c0a9231f496c92839d3fe104d92d6a908eb7e3aafd2bcc1da81a3a681f5fc948a607efc38281c551431343fff600b2360703

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\01b61b72-2a33-4b48-88ad-6e1ea6b20133.tmp
Filesize
1KB

MD5
f84831807662b5d0d070b93f24c4bf85

SHA1
6221963c9ab577403e664c966f80d16262b36825

SHA256
f5614703720dd7a2cb65d22721f25c4deff2f4f590fac3812755c51027706504

SHA512
c14a1381c98551698e49f910cecb74e613bd3a7245eacb2b1c86f5ce78583ebc9a267bc21aef37e1d146a7a08e332ee14a1574dc03795b3041e29795f4c745f3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\f_000003
Filesize
19KB

MD5
a98889b3602a11263bdde727c87180cc

SHA1
983e07d23d46d424e7b0a174d6c6de81468d2cca

SHA256
eb248e0008621151e5c37fe62058596f6950e8e733b57ebd5461b0acc15542a2

SHA512
cafc7aabb108d4a323878548b5af7a0aec977fc84f031ed421b49fcc83ea3d17ac55bcbcced6016d392794978ac81c3e46f5eedb407174ace9ca58ffcaf5ac93

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\f_000005
Filesize
32KB

MD5
e13edde4a25e96e573f37bdd11e020aa

SHA1
84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2

SHA256
45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515

SHA512
9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\f_000027
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\f_000088
Filesize
29KB

MD5
d432ae102bf00da44f935f63c665f62d

SHA1
d5732c670abe4a74b36b1373a2fe606875092902

SHA256
b8ee80cd36d9e001141e72694b5681ed121d036dbafdb69132d8b3b5375c84be

SHA512
8ff08612d5609f375d2424b73c1aa90ee915c2b665215f1d5b4db5c18505287cf4cf042f5770dc7b06abacb0b190b946183120f3ede0c1fb444cf38f877d78ce

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
f698a6e0bfd6bc6592a83516684eae24

SHA1
3fcebf9b7ce84c5f2c3906cbde3e3a5c1dec0a2f

SHA256
ef7c3e3e69e49240e79b44ba0193d8448547ae30b68373125f322fd9baeedbf9

SHA512
b4705354ca040b26af216493aebe2b5b2e23347b7b2ed6b2d4cd1cd4f657005a890879b5fe7e7382397c41c16d3d519295eec20f65485be30e9f9f0bec7d70c0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
6f0f35f41db4afc3ae40b521261f09b4

SHA1
b065ec463bda09be631a4d55b03b8ac400dc6f3b

SHA256
b4361d2cbc796c88bf7fb1c5c5a1943562dfc9fc143615e5ef0ccce03e5823fb

SHA512
8eccc752f32db3b895a9a3f59c61c1ee6f3302ba8336fd8ff751baf933dd2774668f50dab5d5ed801fbe885410febcd16146de77c4a7993f559644907ccee8e4

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
a090ff114bda65782fdaa34646ac0478

SHA1
7239695bbe2fd0e60648b5996753e6f3bc1b5999

SHA256
a4979ee684ff69cce5aae81f92bbcb65a6973cedb554e3a28191d8c2d5c00c1d

SHA512
e75271a7ffbe80b6c75d27041fc296839f7b67386729c7fee43e0f4757b816fa1c1c7ed084af70258def1ddac00a83941cba8e30163d4aea055ccd47a44d1fa8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
dcab9eaa1ac990c51f5aa9ed2d74fb3f

SHA1
2a57d5b4041279d2917cfeaa71b66f5752ed446e

SHA256
b1c005359d85c54e403fd9a35d29dd9c6377806c27cfebded9d757b03f17b157

SHA512
ff43740b26a3d6a4980c0d5655f14bed00871fe75ff06f0f4fd290705f1b288d17afba025e18323ed9069ce962c0453aea5eb36dfe050fbe1fdb4a4aefde64c1

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
5da3457e353612b208cda8f4dd082fe2

SHA1
f01e4d217f841debe01aaa9a5f29798f811e76b1

SHA256
6b95c8289264fddede6554d7ef744dd1ebdb7d59f45e2d4ab19a0e9f88116508

SHA512
32c8964b613cc964a83cb46846701de2c8152c4c248e1711ee4c660d38fe330b44d910ed25ad0f41ee125a1674b3929861571ee9a098e7a8ceac5607087158d6

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
9da25cfc6f2deef1fc6b81e33df90b6c

SHA1
9735c5fe6af14cbdaaec1fb3be6d30073a5eeb67

SHA256
dc40527636553b7492cea1c9264fea4066612ea89a63560d39b1a024dd10d20e

SHA512
b526aee8de17f9f2fa3999f025f6e000e67c0d8b311e50dcccb5b27c9a66def507af33c1ffec2944a2eacbbe223ff43efcb2f157c07dc265073dafb70b73e8ca

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
15e9d5e46934f4299999f526d2b024ca

SHA1
ab478be7a9c1178a9294ede09a0f9a4a8059d134

SHA256
e2a96820884dccaa636c1444150c2f13e22c2a71800e4e2af70cc7f43804f4d2

SHA512
3dd0cd5ef545447c39abcc1d9e71bd372b1ca1dbb9c8cf5dffe378026049d0e90ef5ff69f3fe0143f949f2883f655d05567c202e4d45207cd7da0c39e4ba64ef

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c07d765518f1aea1ea8842f7fc6d2433

SHA1
bd3ad3b3cd5607f581ebce03162e2493a54cf039

SHA256
6f23ca2918874b9b2502109e7417f5303f907b3243a04e87c0a51deb9a44a641

SHA512
b08dea3fcbf58b5deb5d80040f23a889b2c9d4c84f56c7f9790ec9a93609f388d4390c839c1bbc1e8ab65ea181100fdf175666e9f7c9d802f156b12a24f15029

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
921aff103d60507000a335a8021fd190

SHA1
9bf94a1c36005919adb5ba7f810e833984467063

SHA256
40d64907ca8bc4db9d7d2f3552eeffc37223b9dd7744996f8ffbc491fd159af4

SHA512
7ee235247d80cafea23f4e67b566aa9f9ad08fe979c30b0a4d9eb661d431558b30190218b60e06c582a117304cb6bcecbdfbbff27fcb183870d9f41c02401772

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
ecd3e1633f1c71855d59626322894e10

SHA1
cc44ea805be9d91392c9f8108e416fc3c103188b

SHA256
e2db6f24791470b9464274bc3563a1b3f129c6b783751af5641d731df1a0731c

SHA512
dde8d0d2bf913f3867dc43486a8c85ac32e21b500a4ca18e42fc54a3411e36a5973d68e78a194e26f37378774fbf43cef98e81d3ad85564dd07b4a6ca8c4a68f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
d931da6dc4ac48955b6264a1f82b203b

SHA1
2ab89639e28641812099d175e669b662eeb08085

SHA256
d082dc81337c1298a5d734ff1fa166f1410bebb912e24105f14f721f9dbcbdd7

SHA512
020a2e63bfc62080fdb8477e20afd874f92d5bce573b31ac80eeea2dae2c9e5545dac3016308c15b1c5de4851b798d7467fcab11ee4e3df3f53a2bd6752fcb9c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe597b7f.TMP
Filesize
48B

MD5
91da72f07ee575505e8fb22a1f4fa8e3

SHA1
be4f61f2a69edc3da2cb8e35d1f4ecf517efea4c

SHA256
221dd0aa84f8480704befd5d8e21d9792bfa02819921f3470ca3651678c83c9e

SHA512
7375b06c2897352d92e57d3b4c57dac33912eb7148e81bb718551539e278679211681b5a302d3e8ed1969d0c9189a57a7c1db04e67289af1e2f61fff875cf90e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1
Filesize
264KB

MD5
c20928aee45892e424e2fb02a5047fd1

SHA1
f3392b6ee7dff6d87acba9d8f2bcf25cd1a77695

SHA256
908500541dbe5a3f4a87c3d40d2579449f98bcbbf7eed86ef67b603fc7e278ab

SHA512
2efd4d3be8b3bf266ec7ab230238cab4fd9836a03df0a55b5c4608860c5b6cf75425562a33233abee48bc232de67c0b0ee9d4ee73d7893ea7020e9e1418bc432

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Local Storage\leveldb\000003.log
Filesize
39KB

MD5
4f8397b27b2535547cc3b1fca1d44f7d

SHA1
652d9326037c4b9bbbc6e3a65e1f96c967e72231

SHA256
70748380ae7f138d6a7a7136235d66f273afbd9329af5580c065ff6364f3e811

SHA512
e5fd111b40de8f25436c7b724e413fba8ec0a8ce1335ffbf211edd8c5fe3d1898ea7534bc2f2b405983e0c4eb270f35f1a76ea4e6f4e1cd53b5bc16bdc769238

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
606B

MD5
533dfe7f5a8241d26ca5cb7e08654d0a

SHA1
6d7d699dd3fa2d37a1243d269a833d532742730a

SHA256
86691e70bb5156b8a58469cc59548935f848dc172a7a10f35c1f09600d0f43ff

SHA512
349e8cb275b6272b68971e0965d2c4b35768ce1c9023da63920d371d9d2bc410aac886bfba19e1e27636278b905f43feaf990cc15590dee7432a4920896789b5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
606B

MD5
7b0d3cc07eba9d56f441ca881735668c

SHA1
e8686dbccd12f46993598f6cd05658e1b33c0a0a

SHA256
4238d05ed2ef17418550e95f0f85d6813db131bf7c1984f9ea08e035f215d7b8

SHA512
3f00d40857baf7b69f952a0887137634816f30229947e8e0985a521d7e73757bfefb39e5fd4a20f0cd3d5c3cf0e24f8fb82364d0b47c6b42a140bc6d3596eb19

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
606B

MD5
32ebc14a1ae318c23f3991052f28bbc4

SHA1
aef38a7ddcc74e5a172e630244af4def475c0838

SHA256
5c96aa8199a0cb5a0ac48f6f29686604d85972ed2e9030541bb4d1b4a62ed28b

SHA512
f9b78c51fa7ac5dafd64ba15df2a75cafb6ec90a3faa4f5ca14714d26f6130a62361cd0c846b0886da97cf0701d667a0b5da88b7481defdc725bd6ce3de82ce9

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
187B

MD5
53d78c860595d4a80df62723916e35fe

SHA1
96c1681e7f01646561cc34105635185105f16cdc

SHA256
fadd70320bf4be1e31268c19fa82fe6e60b1fde0440fb37bda5d1cf50be56bd6

SHA512
2b1c6e0460f0ac0de4ec51744f0a3ad64403286b9c0302cdf98cb85718205b389e0a7213418eaa84cc852a5018e71295952eeade136ffcce5e22cae9d123d5a8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
606B

MD5
57f3ed8575d7d067da383047d6b71245

SHA1
f46af98bd267d9102040d91df4231d71d4c1a8a2

SHA256
e84990ac7eac9524910d43a583ff59d674fb0cb4c11ccc038b13256e12f6b3d5

SHA512
796c8ad3b6117a50abc21d78f015c9f6c39dab49ff545a96472543cb541bcf4553b5adcadbf68fe21b968d5a7d537ec70f5fc47af5ab2df8f14c3a47bf23955d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
606B

MD5
7a6365ca58dc6faa386412f6b9ea5be9

SHA1
876ed1d89a7217e1a614145949525ece459b0c41

SHA256
d27341beb5223f5fbd74864980a62554435f52cf0b5aed7fb1affecbd201ae3b

SHA512
8844d5498055d4971e1d36dc5ff3928be4625d6cdfe91955023a27ce90e6389d20682c0d1076722a8ede59b1b97424594cef4123e568cf5f34bb94f5ae2e7cf3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
518B

MD5
7c1026a7153d41eae8103ece574e6880

SHA1
71d5c56a8ab60de7bbe2693bba4d55077503f419

SHA256
fb216c56d6b5c821f7bcb48fe823c28b0f3501f13b8f7f0f099e7ff88af116e1

SHA512
0d203c646fcd95c8dfbd8475474d8ecb5551c500828203eb9354e1d0b59c99dba2250834767b15080413cfe9d2d4e5e0e2a5f5bf6d0c323409f58361bb2460e3

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
606B

MD5
92900f8ff979bd24317c2dd31bee972a

SHA1
fccb018c7f38cec93d501a47c57520291c62b073

SHA256
1e3c6c43317d8a82e4b90d8a56842760b2fd29048c59e131cfeef7f30e62381b

SHA512
580cd578cb26fb709f482c826bd372deeef04e892ca8428a96dd6ef9694c245d53305c46d81adf2e0880f293c7eb2fe9f2508d96e10e09f82c7df64c8c6b0e4c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
606B

MD5
1668d8f939c7915abc67e0373479ecf3

SHA1
d50ff5212304e87a59091ca6c21d84f70c810f95

SHA256
f50121cf6ec34b4389b17cd581232642c706b513c6eb3610a36ac1b5b0407a7c

SHA512
ae79e1ed5912727afff17191f717ec9c7a81bcf6f62b993bf89b01e25076f2eae83bc15e698cf7f6834ff4fcc7d5ed35fe1efad248ad8deaa84bec45cc93813a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State
Filesize
606B

MD5
da0ba81dece3068573e8d81cbae91994

SHA1
a1db4902afec4e856183f9996efd560b4c765b92

SHA256
9dd4ddd48895cfc7f1ad1f31229492c8c98cd2ee75f178c1bb75e311422ff331

SHA512
494e208a96a2932ee6cf849f4472e0fa559d2d4c34964353b4da68cb87358e6fc6493823f2d50b3fb70c865f8ec9758d1d0d24e501403e4366df0adc71922323

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network Persistent State~RFe5a5593.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\000003.log
Filesize
28KB

MD5
9d49cfe2846d9ccbe5cee2310d0d0b39

SHA1
ad5fc93f8972995eb67a2270c92b7965dfdd82f2

SHA256
4102daef1a8201d5f1f939be59aea84457ebba381f9e881511bbab4674b4b146

SHA512
1760802985eefcd1e28a44b41f19ddfb632ab0a7267636c5dbf3cea19b007735c6d42f2f08339c51a06ee73d95d7e0bf2d524a8df20e5004489583c892741f52

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
539B

MD5
82d172e0d3d4c056c6c6ac06932720a8

SHA1
efd130f7e3b1f57ee2170a33801caad74d5374ef

SHA256
fb56ec1f602061959e5e1c6f50238d5e7eafe7439af5fb0195c3aed7b96f8295

SHA512
6805c43f5d447a2872f3d20dec63ee2be05496eb3393d53c7e09cdfbb46cd8d220ed864ca05cc119674be846716f1078ab4d084556b53ab5cdc42f7b513e60c8

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
539B

MD5
61f7a416d9fba03f5211fd4620794d03

SHA1
39ff80389191a68979a28617f5bc5700455897f7

SHA256
bdc125bb5cca353d17e25b669024780ff1bb104b7855f215759a1edd5d0dab37

SHA512
b8f5b89bef98799b8967c34815568f764d51bd587439077017d96f8dc601225c1195572a8b94cd585db20d6b50b90867aef65126c42b44f733da347644d2bb8c

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
537B

MD5
e3069cb3c5a271506003d8da7fd0666f

SHA1
dadccf5f495acd5ac804e639b846d92ed9a20caa

SHA256
faa3c5c4d0587982a142e72b0589185a46ed2d8c7ba8c947166b3c82f8616ddb

SHA512
6ede488456aaeb7ec73a4fd41c426bd088fbf0ba9d347545a5765294810733fb06891992c9e36eb7d867fc99a2ab062ea6f6f1dfdc0bc6bc84121876fd5cd9c0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
539B

MD5
19e77c4f75ea210b994452688a7c9b22

SHA1
3a01a4b7bfdaeeb74e878ac9f551d04fac5df51b

SHA256
01cc78e00adfde1a519a53fa54b52e34a06e1619de6b797443b8cc9fdd08f06f

SHA512
a47affc9e0f29ad751455e86a9fb093447696cdfc2c1d6d6d7b55f4b8aa76819c251918948695fa4af6c7be01359a8ab79fd3f66b953ff2cddb713ecdd263e87

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
539B

MD5
e90f97074e8d6883a2017baa5707097e

SHA1
b0ef465dff574b8f199667e898f84cf885f086d7

SHA256
9a3b7844caf54f7304fd03599379fbbaaf909fbd4b0a6939225998e43a4de0fb

SHA512
97c4c44c92733b911030f7eed726fe19456edebefad38946ddb85704801a760681d6b48f50dc8ce92efb44cb21dbfe127d7bd513a1bf224ba73f82f204c5cbaa

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
539B

MD5
a4f48e37d38260e40315f158618d6ee6

SHA1
0772548e4636d0877f3678c43c166dcaac0c66e5

SHA256
9dbf3cba810f8d92f93db4f29eed5d5c3320af1f0c06c0ce29011fdd19092bb9

SHA512
2aea7d0b6681d59e1a736dd4d44dd84cc0d1b0bfae1a9f75b0a3cf67381b1766770c7c4fab5da8efbecee0b9c94324956471dfa177f9b5593f846c60b5f381f2

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
537B

MD5
559a3cad4be250b2d37d1adedf1dfbc5

SHA1
4e4c861cb00e736de1f2970739939700c98d63ec

SHA256
9814e9c7935516fbdee04042702758082595fcbcdf062717eeabb35fd41f5f0a

SHA512
cd70b67c0280cc81c0ecdc046bf4e3d84e4316450b52a6250e038c8cba583912039bf451df03c6366a3e2b60776ba5abc1afc0573f4b122dd09d1a0a02ba914e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
539B

MD5
ce5b7f9cf33437c01a19fab07ba02fca

SHA1
be7483dae65b2de78dcd5aa052e3f48dc085343d

SHA256
b4a2f6d1c5fcd566dfcf5be85c37cef2812664f1027956fd40b7f90ca1dc071b

SHA512
bc5a9c8e197f8d83f0f750e5461d50ae69db593661f6f8e4d6ec4627517662a507e9c3a4692fdd053ec03630b4308ece53e08faf5aa33494e16996283517121a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
539B

MD5
1eb144499b096704f877d6e73dec0ce5

SHA1
1c37667631beae1992a7dda0f1ba813bcc1d331a

SHA256
714b83dcbe59618967f9209d1ff47056ac8adc131827f41c69f6ea88a3ef3838

SHA512
498fff4e3df069dea453a929f10f821f1d4c7bc86bff6834d0d171840b5e778beb4559d49c00a138abc4f7235c26135593b337425ba5bbaa45b2c59082d55004

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\TransportSecurity
Filesize
539B

MD5
997de3f7fbcb4b0158fee0f81ae9a127

SHA1
97569daa1a65f0eb6c3c98c20c257dda5c06e2a8

SHA256
0fb4604dba4dde46c466a75a92be965acbbe3c36ab08925542502e53cb3f9b73

SHA512
d2dc4f8393527b485b7e3d2fc744ef23c3bae3da1a8f79962920ad2b314060cd82365356edcbdb445f1712492ba7985f645b054f5c099d4ea0be00c3a427d31b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Procmon64.exe
Filesize
2.6MB

MD5
f887d8d20ed10524ff74b3e037f775d5

SHA1
49577ab39ace16b7c8ca2f94973891c637a88c4b

SHA256
1c7704dcdef2268c0ede14232197ef99f9de4b21d64d2f85c8871824af90add5

SHA512
c001b38e0f4a95e4a09395f40dd65bb9bccab16b2d9c7edc37873ef02768c16d0855775750e3b6b5a2b4c6e99bc2fed3e391de6249bf4eb7138715f0e591171d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_is3633.tmp
Filesize
1KB

MD5
ebb9b414f76173d72b2b9ea52ca2a438

SHA1
eff2771b54ea2f83fecf4ca62db7a5dd8ebfa5c3

SHA256
884b7444c1e3b2d8816b61c03e4bfb83fc003a2a819670682ab3ebe344e28854

SHA512
288792336638e48da95a999899a3e7f521ae603811a4565e343344e96537a14f97c15b7084ad4e09de641dd92c96e186fd66667a4b06cd5411d0f1a46de7dde2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\StdUtils.dll
Filesize
99KB

MD5
98a4efba4e4b566dc3d93d2d9bfcab58

SHA1
8c54ae9fcec30b2beea8b6af4ead0a76d634a536

SHA256
e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48

SHA512
2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\StdUtils.dll
Filesize
99KB

MD5
98a4efba4e4b566dc3d93d2d9bfcab58

SHA1
8c54ae9fcec30b2beea8b6af4ead0a76d634a536

SHA256
e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48

SHA512
2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\System.dll
Filesize
11KB

MD5
a4dd044bcd94e9b3370ccf095b31f896

SHA1
17c78201323ab2095bc53184aa8267c9187d5173

SHA256
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

SHA512
87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\System.dll
Filesize
11KB

MD5
a4dd044bcd94e9b3370ccf095b31f896

SHA1
17c78201323ab2095bc53184aa8267c9187d5173

SHA256
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

SHA512
87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\modern-wizard.bmp
Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\nsDialogs.dll
Filesize
9KB

MD5
0d45588070cf728359055f776af16ec4

SHA1
c4375ceb2883dee74632e81addbfa4e8b0c6d84a

SHA256
067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a

SHA512
751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\nsDialogs.dll
Filesize
9KB

MD5
0d45588070cf728359055f776af16ec4

SHA1
c4375ceb2883dee74632e81addbfa4e8b0c6d84a

SHA256
067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a

SHA512
751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\nsDialogs.dll
Filesize
9KB

MD5
0d45588070cf728359055f776af16ec4

SHA1
c4375ceb2883dee74632e81addbfa4e8b0c6d84a

SHA256
067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a

SHA512
751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\nsExec.dll
Filesize
6KB

MD5
c5b9fe538654a5a259cf64c2455c5426

SHA1
db45505fa041af025de53a0580758f3694b9444a

SHA256
7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7

SHA512
f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\nsExec.dll
Filesize
6KB

MD5
c5b9fe538654a5a259cf64c2455c5426

SHA1
db45505fa041af025de53a0580758f3694b9444a

SHA256
7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7

SHA512
f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\nsExec.dll
Filesize
6KB

MD5
c5b9fe538654a5a259cf64c2455c5426

SHA1
db45505fa041af025de53a0580758f3694b9444a

SHA256
7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7

SHA512
f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmEFF0.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2FFC14CF-7112-43A1-9815-7036F33D2234}\0x0409.ini
Filesize
21KB

MD5
554aae16acc564b63af8549188334ccd

SHA1
9a3b99d2ab664ea07b0ab74a930c5ba6b4b60859

SHA256
6e780b5929ec3327b6b19aa77134b6e4544b4f0549857507a44093f9cd3fe48e

SHA512
61a1809fb0fb965761d5d37314f2d1d8e55986da0772b24b2b78d847adc1ce9c59a360ca50fd7d13e41cf64dd686b6d7256759b7825c5600aed8fca4a6da8b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2FFC14CF-7112-43A1-9815-7036F33D2234}\_ISMSIDEL.INI
Filesize
20B

MD5
db9af7503f195df96593ac42d5519075

SHA1
1b487531bad10f77750b8a50aca48593379e5f56

SHA256
0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13

SHA512
6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~34A8.tmp
Filesize
5KB

MD5
8a37619fce713c5ed63e9a443c5be19c

SHA1
7229b9507ca72afacd3dcc93070a2b9a808ac44c

SHA256
e74fb02a1e9779b890dbb18ed9b3a7e224c7b70212bac178f191f4c6a98ed747

SHA512
46acb3acb0e4bb81bc0180e0839cfdc49212bfee22375ccc2d348ae9f14816116c066f4758c6d91d2cc366e61b22a9e0afe4459d56b4e8b9ddb2f9783f8d87d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
20KB

MD5
14b2e8fcd950543defebc1c888f93dc8

SHA1
2bf51047e2807a593e88d51e29ec43522e745380

SHA256
6d01282be73b98950a9e3001a5041bb38a9198f1e91559a5f7957bb354652015

SHA512
7caa4b255cf6461be2df1e80b13005bf83ae6524ddd0a1d7b8649dbe249650a549c6867e22f0dbb376e56f389612e85d66d3f23e186dc95aa53a8454e2248f95

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
13KB

MD5
9334e12d25b7f7c1a4762cd3c86b90c2

SHA1
0ac2a8c564862432cca1e79d3e7446bc71bc9d0f

SHA256
c62651b71ef54bc8d0795574e7fbd13713214b062224fd6c5968b5a4a3cfdcc2

SHA512
443a762cb12e8fc055fbacb9bfdaf57441e0a08c5db4d0fabb16d1566435a0002bc1e1c5d816f326b81218691b5854096aa7e38eb7d2be4616bdd486a3826124

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
19KB

MD5
7ab22787d8182e03f7af9999a2b0d93a

SHA1
c0799aa20d4a4f17991648d98bf231d19edcfed3

SHA256
9040e1140fddd0c3836c1bb03dc813e33137c14b5db1d073ae5279ee3d28ccd4

SHA512
376f5dc792883d03ab629b8764ce502e525abe1f911a019e4487dec61ccf937d7a5c986dd53571725605a0ba8f9dc91064b57a361b10ce39f556ef54e9616047

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
18KB

MD5
edc50a89584dfab6a500b7b3d964f394

SHA1
1f5e0bc449016c4fe8348c8126383fe2a416731a

SHA256
25c37275044682cf63024bd9797393b04cec6b084dbe9dcea5bee652649928f8

SHA512
4771f050437d5be679450ef73923405252d95a14cfc031c83232d634c39ad09fe3e1e7cb31f2c1994af5e650f6887a7af7c66a4ec5fafa681299e81edbf9a68e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
19KB

MD5
7a8ae82296e389c24b1c7ff361366f95

SHA1
3816470d18348818ffaeb024cd952843a8f359fd

SHA256
a059c0314c6c37d5ffdf0874ae49ce752613707292049277667b0eb0b4396647

SHA512
7968223e2f8f82b2627d151824b09578da9ec27b2d7ed6b0d91485483e7bc822a2119b247d0aff4bfdca287572e46c1c951447a3187f3f37fc38af85522dc694

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
19KB

MD5
c178c402150522faa706efe45f89b1f9

SHA1
d3970c506d8e8aca9686eac7a4650f247cef3563

SHA256
f5468502447c2a3a202cf8f4612cb9e0e8ceaf36b80b2bb69236c8952212e8cc

SHA512
59ef5eb138cedc48522b4301b54d61bf3a52a8cb86bd9250449f07bcb0328e150429522c7c6d75dc74882523b2cf3a56ccaed0d5249abf266e1e6fc18047b1c0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
742ae3e70f4986e8b7750902a9df3f91

SHA1
3467015a0b4b6ff6471f08346f1e13daef1b9c12

SHA256
77fa7f853a5d6ea70127f4e66fab1b206ca30d42aba85b89a80c641873f27809

SHA512
44b7e59c6409da2afc869c758be15ff17dc48ab8afcd2dc2bf0162959e85a92c052ec1f95542bc79c7ecdec66c1e82ce35a1bb076ba06716352b67ad031dd22b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
8c230c640f3920e52cb6c0d553a9c6e6

SHA1
f1070580e629e3a476401bcf55ab4d2123a52433

SHA256
3514271a64a8df05b81092130a3e53175a8705373519529e10f87900b1de0ed4

SHA512
fe7d92a509aab145accf594e8a59f0e9b464fb325c605aa506b6247fdb4e9ca610efa86ba61628c7014f16aa7868fbfde903a01910d2580f276c5afe278ff267

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
7KB

MD5
c168b9f37841e3b15ed9399c2147f860

SHA1
47e911d9952bafcdb028bc0bd78aa3c0e4e03d68

SHA256
a0c7bf4351627c373972ee8b85095d1c7763b662570f27822e9c7098b96fe1cc

SHA512
4b2be8fe02878dfdf4acea057ebe172f7bd1beafb42d4560060e3a1a23bafa82e0a596812660021586a1f64961105b49108bea5cb096863b35388290fa7c22d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
a4fd50c3a8ce96661ab8f9f181a1741e

SHA1
4201fab97fd53bdbab55dab295e1889a9bc4e71e

SHA256
d905c3c657d079deb7a7419517fc868d5434c2e472a007319bf20279f4abe820

SHA512
c6bd277868e0b9a28bbf1107ddca3cdb6732dbb6f7c286d68910186eaa214ba3ff720c658b818c0402000adbf64ddc3c279e6ba0a335f40923180459167e042f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
e577182dee3c44c9e0a2286df0f86a56

SHA1
86ec57593d4d2ba524c7e48273e26eda8601b006

SHA256
b79bf2302d7a365acbb239312ee4773f361994aa5be48d0ae44129602e0e7e43

SHA512
d778ce3bd9868afff41ec1f2dbc82ba31a495407faec1b23b4ef70e0651e5398284c5937e1e983d2291464699ba8081df41bf55cf2d265934e378f91473823ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
f4e0a7eadb40c7ac8c0cabdebb2a49d4

SHA1
810618475b9ef956db6b6be44a6a91bd445e6e3f

SHA256
914dde223061f3f5b992bd37452fcbba41db15f2476b3a85511617faac28f299

SHA512
db7861c0a706c3eacc6a6d958ddd964af0d3425ef6baeeed7abfd7544c5a6e3c18a760bf8ef297a0903d657d35cd27efad92cbef47df87777645f1007f36c91f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
00861f0ce0e70a56f704fc44ed438bb1

SHA1
0ec34d7c060f810f57915e7c4de3a38361e41f2a

SHA256
771c0ede8857a6b157d8bbd6697d602a48da4eceaf6712f421bc267b402f8807

SHA512
47c14e8d0de363a149c1235dc82a4ececd94e8c18a707a373c7e1e5674d5bfd072ea181649571ce09c7a7733c72585f60b037b419f63386068dd42b11f3715e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
4a47dda7c3f4909b09a77c20da5c7d4c

SHA1
05c29ff7c0f510b9b2e3db92c9d920cdcd2bee90

SHA256
65698e96b1c35d8df1a6a6489c7772dff4cd30577735b77723591233c0b106d4

SHA512
2a98e301ed58b30f73eefbbe01a35e3e1cf8b5b839ae84fcda3e378277328deb8377a6a656914b5129593631e8d8a784dbcbca1fbc36a1ec761b928ad094cdf0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
b4d80bbb6daef34e39cbb45e867c169f

SHA1
971860f932a15cd86f2701c0d38a91cced0f7dd5

SHA256
e9e48c57276970b60baa57f8484f89b114cf95440edeb735c365afaf2902ba25

SHA512
8bb2e293e89ce3d11d781e1db07df8d152ed57fc00e72557a327c0d2667a87a854ea898c928d5b8618faac86568bb9a16ab1e18e557dc8fcfae0588973cc0b72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
62f08a2b2ed6551270d219d45b6179d9

SHA1
fca8b12d112f33751ac86eac8416da837898c8f5

SHA256
782e2c65f530e418a3ae3caf63af1867fd21d12314324e590ed3ebf055dba4fd

SHA512
8cd447613c08ff898ccf29cdf3dfb0d7071343904871ef5b383652e96a55c32e9c032efc9adb2c6f0894bb6a9ef1e28e8f8992b1db86d22c52d58922e6b35919

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
bd260e47cea3716bdbc22198bf876e13

SHA1
4d5469b6e659e15df6cbdd0dcd39e7f504bedd6d

SHA256
3bfc7d3dd3f6c4bdce9c45c3ba4d1efbbc3ba3bf25d5b6c48e4f276d61f8c09d

SHA512
3826f43da9898f3070de32c6d20b46ad8ab044c2ec84a37ad880256984e8bcbdd9767bf7876ad2b76b6fd469b04dfa6c5cb381fb6ca1cfd12995e0db01626113

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
9e1355380b83b5d097c49cc270df7e24

SHA1
ae29b5c01e2733165b6258a70b937d1bb766aa88

SHA256
c02135b30d30d749923d2cb2eee7d6002dc978e2a1bc612331f28641d256dc6e

SHA512
b483c500ad9c510b2d6d67ed10041403313abe038d6fa698b9de89abbd4285e1b27a1b75afc925ece935dce31cb245fb4ca05cd42249c19740694b9965e49eb5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
046851a37d1c5f35e96040014903a138

SHA1
659fcef080ec17a0eb150cb7e7eae0b9c47b2278

SHA256
ff7b7a640ecde5449cfc10f720d039151447e368e4e7620d2e0fa3127ed2164f

SHA512
a18351e60ed6ea208bd5898e73075f91536f610969e9e6fa3177657a008f04b597aea042338f8f9e49c42ff445dbc80348a29871e614f66eea82eada9131b463

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
b294f2e1f51afcebbbd9a49989d6ae4e

SHA1
b101d130f3bf039f536c4e7d3c74c125a856f02b

SHA256
7079443492115a192cad0e51d4b807c4d7ce69b67397abd6e3ae005b82059a06

SHA512
8b5a416559c1f68bad70ba8d39f75a2a75bcce9dcaf70bdc7a0614948614eabb9094b6cf116fa84ec22929695fa2cf845078e0c3fd5e2d0b3806f50086232b7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
250aeadff0a13c092878ce2315c0016b

SHA1
2bf504fc0709a15b9f78c2b5911a1736509a5dff

SHA256
90d0e631cef81f86540b09a13f92df74a32d329e9e727f311f4d40069ea41a0b

SHA512
c4b3770a956417c5cae4261ec51385c6b1202b148b0754363d5107183f0e77520a0d9b51b753097db30057751cc815f55fcf7f89680122104a504660b6c3353c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
1ce499639c76f9e61b606a80144fe92c

SHA1
247bb9e339a81e0741e2e4f4cdb0e095de269eba

SHA256
ff9ca48440cbe8b21c639da7407ddb75906351d0b5c0b6af3fb2f872e42eac7f

SHA512
ace7610b330d37449220aad3b2bdf1b52d9a84744b544fbb2e468237c9d44a09b6d2cdc2d7f31b6b3b98c62e48bb0048a8b82b8a60faa65385b4f43cdc2b4f06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
e3e21825679df1c0f16523929d046197

SHA1
d2de44179e9f1fa4b512a0d9d8d719b9d868d777

SHA256
e5e92887b95f21c68a2432fe1a3adc26895f457648f25e957ff5bb84ce110a8e

SHA512
f65f2a38a489dc01cdc6948807edd912468fa8aaafe757e35af672fc5f666dc24101812d34728046e92b5b82ed374d3392c44e6aa2982e721c08f270b2870280

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
915ba3803e78c3c132363305eae2bd59

SHA1
4601b074467f714ed1577dc48b0d2b7581b7a05d

SHA256
82ad11c44d30fab92317504550167be764650e0d3c58757b53cf243d532f74d5

SHA512
3b67a9073cd621c180cdf1758d36d8f685a4ee275e709110b4b14ad417dedceea404f3f286b18932bba2f64daa0c18228dc0f00ac24712fb7cc4794b7c624505

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
b7cb9fd16efb0eb9aaa9252484a7b095

SHA1
192cfb6a4fed524f8866d323b9f6929f99111152

SHA256
246003400cb208d4f15314f9181496da7cfbce1ac8bff375c3f903f98b1d705a

SHA512
4669d25ca7f9f5265fac4b0039133d5fd13d4908a44ad2fa0d6fbe64cfb4812aa37cda391c7c7113c10f56109f0ce16eb94321e7bcd05e9ebe867dc145721079

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
17608d992b09122db95392b2098d6f3f

SHA1
5f636c6e7f440f7ff8cc457727a001b0fa6afda3

SHA256
49f97521aba5dc8c971e2d8a57aa0a6e95204887c83937fcfc2062ab0366b970

SHA512
447ee5e625dc821edb82ada3087464d0d0398940567769bc0bb65c0a4d9c92c749f1299cf77822ff9563710b3ae444bf7d89ecb264c94fdf6b8a93ea50e63017

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
6a694a7e0558d551fa17f1c75a0b7779

SHA1
e4b30e9ea88b6fd3ae152f18143ec884752cc144

SHA256
f876ab24af0fe3aae25ea96cf9878807b53ccc0e9eb8d0769692d97336dcb720

SHA512
9e5d3f1ca4cf046d506112e50429ab35a324d80d774d794ed4e0ac7457cd3188fae63728a3d6bec4f44406f72057c2ad0cdc0e147e7500e3b10d0d76990eebde

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
c7e921b9b736ac84d2bd66465044617e

SHA1
818f53f9b6fff874924e892150b9f24d8c12c47c

SHA256
b36cbd5eefccc68ea91b4117dadea55e4a2a77c35680a0a543272ce3bf2187e4

SHA512
378a8cbd2418e512c39e39d32aa8f01c16ae571d9497ce0d215aad552666a214e966d17584de55457583204240a4a0a4aa12c516253313b18c245eef5f1e25ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
99fd69771e7c91ca4300a66f2adcda78

SHA1
cebcdee0e05691d12e9ea7f193b6a54f9ed9414f

SHA256
84263d6b4933ec483199e58bcf76958d2e038ed5c47ae3c259ad8bc6ce384daf

SHA512
adb81693064414529fa9319e61a71cc6d625a34cef3958cd61831493200446561de959132fdd17140004b26e37cd15dca657e18c3651bd69aafbc874407c4a5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
fdd57bc8a43b8ec956b15c9b32008b22

SHA1
1cf995bd3b2ae616b751b266bbf5ad0ae20f0354

SHA256
3556720064ea94f620675c921e743185cb9aff9f4c870e3df9ec430c2b15bcfe

SHA512
ce6ab2481b76d74d4de002190f82e3f7de4c22e398f2bf46b931227e82624f25ae5a8e05716c8ed7da2d82cdf5b907edc66734c4c7d2f48b2d5665cb1f9e875a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
33ba8b4360f054ebbd049e33d05d79d7

SHA1
d5af9182cf09af1c7be92b9779c184e59e96200f

SHA256
2c43bed97399731df0db69399fbd9ba9d51fb501f7cedded83f3dc041a37a255

SHA512
d7f6cfefdbf94818ea2bd8737d06ba252d15f3cddf903aff0885fe906e6146b0a9e95e5a3f80b887f9dac5005277ec5b1b06c280c90a74913db7c18e637c91f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
b1a294a5f35fcff33474883cf457d380

SHA1
2a49ea64cc09a6a0947cf267d4aa3f01b5c15810

SHA256
7750ad264a7bf283ce0e51b0abd65ca30c35c170f6cba296161b1f882d6dd4aa

SHA512
730f902d961c120b04ab1cd4c8c42bd2ac2641cfd7a6c0c012f35234fc4d7c3071bbe610a2af2792383d27b801a175707c9651160830ac7dfe07314ceee95cc1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
fed67cbfbb11e60afb47eaa88f13ff05

SHA1
0145b8b3ce38fc4152465cd6fb924bc5eec9d73a

SHA256
7f950d939cdb400474619991c51700b371988be41d4ade0166d41c347eea9e2a

SHA512
538c6135126f969e67a4d1d8545ca94d57a9b5e87b317af2cdc050f8b4d8b1be70dac2f148088e8499f6e3b3a167b14bc7ed24823d32a7172afb63497b398c62

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
d51c33943fc0ff9443c30fe69e3a8074

SHA1
dbec142aaa74efafa10d9bf0fc7ec2c3f8be6290

SHA256
71012f11fc051526cab0b94a4727d99ea3655b32fa6767d42ece7cdbe1c64c32

SHA512
e8661b03cce0c415e5648780747551aa5088415ba5ac9b10d9ac937ce05a4d6e4781127cdcf62f8d0ea844cc81f034fc90a15a7d5130ca60e9f750278267aef6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
6KB

MD5
ce233de370e90f44ab94bb177a665e60

SHA1
73a3a61463908c69488bc3362f049bd782380a34

SHA256
a2fa4bade4e14547341304d1fee2395853552c43e8001b86d1e5eda548be53de

SHA512
c3b1cf8206375f37b7d32cf4a81479ed1c14a5f8a7648931898c5e4c49144377873a23047dd79be65647a2a6b2d11ba70d13cd0b928aff02b34d7b3bddfd65b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
d638d5ce38c8ce4de2ad0f4a290ee65c

SHA1
dbc008bda80db488c6501aa3cae8705b4777ba72

SHA256
a9a3dde9061ed6031005efd3426c7d134e81813c5dff7023c9a4a0a6814a54f6

SHA512
da6919d1081d9356c3f14ed05f15b65c250536fa890e028128a21a265be25290f16da7f8730393a1265d64c92b79620972e9ac068276cdf094de8acce43ba186

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
1dbe9c7b7ceab659243eb380b8a36750

SHA1
c24a9e53147622773e722fda8e5f4a9a2b5b63eb

SHA256
48f39b4d105d639e5a7b2a8027ed8386ec2b96fb319af79f073791201adb0270

SHA512
960a91570b88d0b1ed66ce7420dcc9e91b21e91c7cde887faf112f4e99f430a0b968a2232ee99b8f70b531b2e69f6df4312c4ff76d3ac7c895477bba42fb31a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
0dcb616d4e7a7db55308a8012aee734b

SHA1
33fe6ab7cc1cf1d7be084b5337e4466e21e406c5

SHA256
ba7850bc11dcffa43da00975d462fa9163bae8dc4593cec3d7d99c57b2e1f5c1

SHA512
3770d2034af7e7d30032e6fcd5e4bb77d5098a1726011de77bd5ddf6a526ebac9dfed864ad75ed26a824ef19daff2566c7debd5a1eda7b42e043799a500a5c63

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
77e74c36e6b5653fb5adb111e11f571d

SHA1
47a696af7aa23f37c5c93b269d5f6294d530eeb1

SHA256
ad9ac68554453f007d11124352c8473a17ab337d1c381781f045f85a895e81bc

SHA512
8aeebafd3c3cb842a9d1cb8465368aa6cebe7df45ebe8a17a215f8004f5176e141d9d43a7decc076576d9ba3c3e1c864ce3956e43074a2a88baeb3ab43644598

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
22123750be377949271523aa7b6c58e2

SHA1
f47fcd5cd481e69dea26c9adbfa4fd44eacd7dc8

SHA256
9eca7da7ea884fb8c1e5d1c33845900a9f64cfceea8dca195cc89475e49f1472

SHA512
920a6ddf0d9a37f4296c7a82290e2195b1f5ee5cf71ca5dc0f40233b0fcdc4b1191fa000e43d144e24dda1b1ac3ea58dc74a5d5e4534aaa9dce9a82151bcbb15

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
9bc2246422c3a83064e015421a1ad194

SHA1
74a791c31631edda5407436ceaf094463c6152b3

SHA256
40403c6b15fedbe9b3599f0876c77a1299272be41f1b57c7c5ab85722b5bd045

SHA512
853ad0c7f15c35291b1435b94b8f97c40afeb0370aacf0dc17f1c57d9e246fe8753f319dfd96df509793f72a012edcf2e1750bc42a4719d0fefc8a930bf64b22

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
3102ef57423c4e8e1558ca6994925817

SHA1
78dc7bdec32ddbe32a6033a6ffc93627359ded31

SHA256
865caaf9cef2c15ccb1b5cfa9eeab4c37d2cb47377b7abfc4138d9656bd2ce6f

SHA512
58f7aac8b8ba8c9fe1b1308bde43cc3bdb6daf47255bca01c33f994c9f0c315fec16c76cbd8fe09d0fde0437c1480caacebfda64680b3c4a87e93eecf704877a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
6f1152284335bdb8a12be41bc3ab2d79

SHA1
6edccf22f0507719987a57f217fce173f5c65ca5

SHA256
768fe470653692e83855bfc247b082c5e6a8a454663514051dc60c9a5d75619a

SHA512
66d4625791e91cc2f4d30672f5bb4ae8deb5dc6335173cac61b64b1b3f8ac1bea6c20a370be7cb976a0e45a58fc5eed703b0c038607b1c1c3b4e619f3c1a0984

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
d6c89db8bfc867f7e71bc20511f9274c

SHA1
964ac881af5a34baa106dcc57c39015f2e6d0344

SHA256
b27d8de7e23c7a0e0d1d3b1de6206b60762e54486d0e7b7272abe2719977831d

SHA512
f6dc52e3c1ea5e445b4e89d00d05cf689a62884e05f25179b680fdc250a1e93704e4e384417c75946c99e7e1f40dd5b7bde6cae7db2554089dedb232e62ade02

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
ebf32fde78be4e19fa7662d2b9fd22ee

SHA1
43f8321aa8ab9e923f0ce01a6e3cd132c92732d7

SHA256
612deeed7f52f4ad836c2fcacfe1969043894fc14acb09f7b1846b8c8b64664c

SHA512
bd5900cd742e1078727092a3654865ffbd16334beb634e0c1363772fb8e4af2634c1a44ab6a7b7284f6547cbd86b699166fcafbe94b0a15ca3cba03fcb890d94

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
be351f4b0dfb588063528a7b349f230b

SHA1
794f618a8e67bcc6fef9a4c58fa1f5fae92c352d

SHA256
63a2ddfa8415e9b81618e43ad35d90661f07a0ad7e10c60ee5953d3a3a135a4e

SHA512
d97eaebf2adf3a3a6f220429bf3b4adf667491fb44d34ddabb4e71b6652f1142c527edd1fa79dca87c936d3ef04db8270e1c4bb6630bf8409558259d60c6c2ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
efb5da4ef007b882c4bd56b69d595327

SHA1
3177a347e8e26a77aeef0fbef31e0f8044c864fd

SHA256
169d9311f4e72c4bc3a181c5e388dab88dc0907e08d91ce8bc12696225e37f8b

SHA512
c3de2f6a5fb86245e202582a33634977a9c7c048c2624892683b0ccc654a4a8b57a69ca89dc19a599b9d653beb7d3b6b5e796f95e46da0e2ed0ed5401bc7607d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
7b7ad71b0ca0b156d6b88e45a51794d3

SHA1
c0d565eabd1d364315d168afb363cfb34efb935b

SHA256
f27a67dcf3353ec802eeaf66c2adf41453ba8d9dd003221809c16e3bbe8c9d2a

SHA512
e40062ebef777b5fa35be09b5cb86afb421d48af60dbaf87fd14a61b063307c9bfa5478b01a17c5d54321dd34d1f4c93fae5ba39ab33242d16bac370f8fde3ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
1896a98c99e02eecd85823d2ba9f6253

SHA1
bdd3be909d364acdc5e949212118315331ade4fe

SHA256
4d368c66a944b8ac5e497a9379abf3ded54e0e285c44bf22284ed5c76dfac53f

SHA512
966b31dac93db2db18e7cfcc6772758dffa768bbd1bf206a23d9d788b745e1d6ffab78d2a775ec5ef902fdde7fdd083b0bb4de319a66f79f78a19451151aff1e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
dd5b2a94b5a6dd2194afafb341f82994

SHA1
26f00f13227d9a4c8d704710b3320a0d00fa340b

SHA256
d7cbb844a57be82b9d4823c7c0354fdc218deb8990c7633978ae6acaca01cd1e

SHA512
67dc496c47a95e099871d52b97e21d0c650d5481ddaf9f2f53ee9b7cc8b75105c4bfc7062375a46bd5cadf13c4f8dc95b522623a202acefb328b336eb4bd4e7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
86318a1f24567bce479ef66b53d90f67

SHA1
c0fc881becd85a7b3d4ac62419da1ff42f1ac3b1

SHA256
5a7d743e53a36faf92824f9008a74ed6a89f7c179573636f25826e5243c80d3f

SHA512
473812543124dd103018989c164f047a7f50d82a36866c5c2aa88945a47e6555585c091b18cbee0a69d9ca7bfcba0c58a35b144b39171cc6d3ca07411a78be06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
8c72214a374e233003f28f9ec4279d8d

SHA1
f4fb0cd9c4060eb34e09ec16c8184277a32c1b7f

SHA256
d2099043e08203500ced3c7335e19a21aed6cd366c29a27f335c92e0821cb360

SHA512
8626b40d9a2b7b240cf32a01f010c611ec44e72ae4cbbee7db80faa693c8d6b64197d44492aa36e7c8cf7ba34b00f6e8248519e8e059c394a1193407af7e6568

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
Filesize
11KB

MD5
3daabae2b0652ac7df61fee7dcc4863d

SHA1
fa29eba03804d74ce9699c31257ec31339409660

SHA256
cd3fd2d6dff0888b0425b4c715024ed5c26a19ca90b72846a8c997cb03bd261f

SHA512
e0415b92fd69529bf94ee0c781f6faaccc0391e40b9877dfa300d8c2c4e8831ce0c81f3f032679fee9ac06a9cdc10a011faf2211a3eb5e5ec5ad834cf48bf2c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
7KB

MD5
d32cd402163356b73c961b31161d56da

SHA1
5dca194eddbf32d76a12313e9575d9a439ee5f2e

SHA256
a1f64dc399fb403631eeca5da83e1329d6fa61c38e184ae916f519da30d6ecb8

SHA512
fbf1bfd70da1d11bfe07f455f4945abae30ec8d2e8b9c1b5e3dc41407f907d71d32f9702d718a290f575f3adfeda718260d711f82a437d246f943fdaa52402a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
7KB

MD5
6c3b5eae18d71737883b370484b338ed

SHA1
9ca97b703279ab21971fe11fe87005cafc48e609

SHA256
5fd6880eba59dc45214c2341bae05b0c0ecd1dfc6a348aeb5a95288dce95a598

SHA512
f6daaf53234249517669576406ab07139bde5cca62768adf2ea8d117b2280fbd904418a18562c45f0278875a3702bec7bbd93c5db879834f63f4b5222046f821

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
10KB

MD5
d31a0191bd5ca06491f9e5d17a7f1a3c

SHA1
d0fcca226b7c6c695618a5b50a177630d72ef624

SHA256
aad5e34f4183f790d0ff64e1ba146ca6b65b204c64ff572549d5c10977e1a1ff

SHA512
2d8ebfec06f13f594b426e46bf1025868f2c60146b9a7dfdd06660faf9f7f0239e3162d0f644b7472c82f3b96b7a99716a3a7be108756ac14d5695364bb3ca26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
6KB

MD5
12e4b800514efa87b55d9da87f73b85f

SHA1
a7f32fe64524378608b526393fa3b229d3bf7ad1

SHA256
bbe846061cc6cc87a85424e63e7db004a8fd7179a2d570640ebab1c1664f3a61

SHA512
ce034905c58787bf610eceeb86df5e98ea5ee91aed48de471b855efedc7dd32b8718feaab35b6802d1cc16c2eb8ed7010900110eaa2ff460ff7beada370a00f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
65KB

MD5
1dac7952266b0a51ddca0f45b6b94563

SHA1
af53e9758ce787165338f5f7968e6c3e467bd7e1

SHA256
b7c50d5d6c7202b2347c477d687a7ac9862cda4bffa7dadf0b7f2a713c02ae0e

SHA512
e8c8a6d916801cc3b92726a61f07c8fc16ce2c5ea64fa75f3fa36d5a1bd078c091f8e5ea2f371bfa5870cf74c9a2cd7331be31d5a189ed22774568b50a9eb24d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
ccc16dc6f9243c65de4b822456ba73b4

SHA1
fa1d612e4488077a9864b1fe681799db08293397

SHA256
2b516e42a3509412401269f0828d61027d2d28d27818f0f5af8d1852eb1b18ba

SHA512
f45beddd23e9f04cfebaf7ad641b03b23b39e09827f0995dd4d4b004b4a67e99d97c1dfb59f353e15a83b36e1deb673d106fbcb7d5610b7986a1c9e173b38d0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
5cbcc64a07fc8bd7d39a7610097b51ca

SHA1
844504e99d19f2689a2c9e2af3771d87cd2c57ac

SHA256
dc0fcfcffc4bb91a18024c1a3b8126114f0128a30e36d61993b7b6d1dc843ee8

SHA512
d9264cf9e4d176c824e1ebcebbcbbe4c1ce9ed128597fafd273d9eff737837d43e26f2e7c190018a3a01596117acff3c01dd8911ea29ae1bdb52b71157a58582

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
66KB

MD5
84d6e25f47afe7c01105f9530cf0c0a7

SHA1
55c106f7d00d23d74320e1ac4987a71d50f09423

SHA256
7985c8ff450530fde361639678ab8f434122b6bb39951a09f5d825a738fe7ac2

SHA512
f26cdae3531107fb615ce56b5638332bba2b2a720c6ff86088c33ae3f9cda1fc5ad39a6832da12a09b77787c489fb6e6f3d7d8b40a05399d336f5b93b327fcb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
0c8db5888c6f74405578d1aed22327b5

SHA1
5fa0d1eed148df9024c685e1484a6f35fd715440

SHA256
b269a3e830a9d379fbbcad66b0c4e836627e93a99ca7cc70f159b1561d29ec8f

SHA512
74c469cf100a32904983c5b944dd5cb94528d23cd0c3c92f4bf381e71d4dd0fc1dc3f864255b7506a6b72e0b809425dfe850a22bd88e5e03d54eae9f0fad78b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
43KB

MD5
c46bb01db03ae7b3fa5d4fc4827b35c6

SHA1
42b8059bd720f84ce3f9341ac83a893f14c0014a

SHA256
fa2b28b8948d4d1e9778daa7d30af574d841436b5cb13cc41fe2a0ffba346bce

SHA512
ed311c3b13dd05cafc26137c734e554030e3eb4ff9211b5a2bf6a758a6fdbd5fcc6c2baeeb414cfc862f637362b99a8760a34d98536b4a9c037988b0058175a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
eb2ada0026e4b28ecdcad00c0a17a945

SHA1
1158ec4a78665259e4d600f621da961271e02f74

SHA256
37e4e6ab93b66debaa1c352021ef08f47f315654d4f3000bc15b627b2adbe691

SHA512
04d4dc69b6f89ccc9e8596131579e71e15d4f4134635b2b6cd9b52ca4794cfd3b8756214302e9bd2843956dd16c98bdec6c44dd2a8ae37485717a30b6974cdc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
43KB

MD5
29ca21314c67872eadf1b398f3debef1

SHA1
365d59529e55d190627d401608e00f3ca17726e7

SHA256
b2fabc3609e78ed2fc6af5a1c234bac9aa0e3c8b180711132b16c120249f763c

SHA512
b855d6f4892e17f67c5bc73350f522e368d21d842a0c65140ce1d7eaab7b91158be43c035049906290fea071a00152eed6bb3d69566c77cbf4ea054fa9495f4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
43KB

MD5
13f6e604489751675dbb9ebf7cf484aa

SHA1
1819bc2eb005a72f7a1da2df27e2500089ffc955

SHA256
46da640dffa3b3eb287756341ef56538de3edadebac6951ba28541e55df1f730

SHA512
0781592dedaa3cd50a1f28cbf4f15908c4f6e8b4d5438b50e0048bd728c85ea7243ef1bdb003311e8501ed6de1f4d8ae77e1e1f52e54f38244c59e8efab8d3d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
48KB

MD5
339038f1b2a615d46d212e89fa1e0d7b

SHA1
69d1c010e4e7e2464817bbaf31e9868f8ca4c5cf

SHA256
28ce06ef889749f19ee484ea53609b64f495420a79519f7dd48fb3c27316c629

SHA512
be47c2481028f87d179ad2744cfdec76b39c64ca17d5d8422b34b29477d7cb949065e77ec73e9f6b0b87af2b5d868b3d99c4fd4e957d2380eb4335c577a2b14e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
44KB

MD5
b49eac8e9aadde80da4a1b2dc71f65e2

SHA1
6989fe90c1b71cd23663fcc68a2d2472f87509ee

SHA256
43d358536e599f5fc0ce78a41b75985185f10c5acdd7dd45684d7db8ede522a7

SHA512
2b33c299211ba8b0b5eaf95890aa5ef05824df769e57c4873b92eab61296e4d51afd7f860a2e5d63060f825d774e0c577faa9f1228f3bfd6dabf70b91f6d8756

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
50KB

MD5
fc38faa945f25d7a0cbfb3ff44108d8a

SHA1
0e794c5fe222970fc78452c925a02c68bf746cfa

SHA256
c8da725e77374d3281288c73b577de63295e385126fcf24e08e094fff109711f

SHA512
24997564194110b03d7505c2d7458127aa85f52fc55abbc472f57e214d22cfe742881187b90a44e95e7e76fce0be03419dc97d26561eb302ff30339d15c0bcf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
49KB

MD5
8cb1017cce1c457b49562721a2363dfa

SHA1
6c5c19a3a1dc87b1aac45e07167cd152b27de556

SHA256
b9e820f6fc83ed3446ca68f01d2b1e21a60f428e0274bd325f4fa4752f22232a

SHA512
eae6cd8ff45a6610158093eaa1d69c28603a2592b6ccd8a8992247d7777fde4644ed11520c4a8238068970ce7a60a107f04af4bdccc3be251c273379416e2f30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
56KB

MD5
6490ccf510f96c846a41cdddb427ae43

SHA1
8091762636eeadd91bb8b7ea0a6640f58511cce1

SHA256
61a692437b419918a47d698512630ec049171b5735ab2c1a32608041bd3ecf62

SHA512
d289efaf04536810ab44349ab8ef7a677bf5e98da70f4033b41f387d96f0a9691916a9e24917581cc3245430415ad882e51f8f438461c26d2500ee51a09562ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
55KB

MD5
8df7913861d7ebed8d4884c6680af9e5

SHA1
a09f6a17592b9b1dd95acbdc1049b4d92cea4cfa

SHA256
04001feae8ce3b57736d138576247a73e18ff7b7a75bfb8013750e9ee1c71a47

SHA512
66c2da69f91da357a140565bf7ede64c051c2fa399c75c8e205ea443b7a4fd299b0835db16e88f57f5de3f392dd52eb0aac6e3f1c29a2790988de9f4aeadcbda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
63KB

MD5
422c510bf54d63f4b4025e7cd81386cb

SHA1
7bb06033b5902adc0672f82d0360947d3b70b63d

SHA256
7a22c055c13db26fb63153e24419259ceee02d4926079fa7d0e07df94607a124

SHA512
5c04c386fb620546b053f4df2a244c01aeb6e84a9c8ee5e9281e3894ce0ec37b3bec6462d60b20d0f397ecec009a5c7a9c71fa6ce289deb8233c1b915ebd916e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
63KB

MD5
ad1d27ac10d733933d0f51b07ae106ce

SHA1
58297aab61aa4ea1e4bbf251dd87d515ef4c305d

SHA256
10990609bc47ede9c419cf30fe406c6dc8a66a7cf6b4eda4b36e7de2a59d773a

SHA512
59fbd60783ec9f22341cbff23e3544b6fcafaadeea9dbab62feffb764a220cb48fab8069db46e626a15e5d72e9f77dd8f6a27f6b957c60a5e3f49c11494c3d02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
66KB

MD5
81955a1bdd5861b44a6662fb93aaaf6d

SHA1
0b7268b3a7b680d385111cac53108f0d25b31664

SHA256
3d6e011eadd4771a3dcf3190afb771eb39ba38988af7ac726a0c38d2875ef761

SHA512
c50bb9ab1df578c85bf351e4b7f66c533d9607a9efaed6ce13fb15104dbc58b79418b1770c69003ff85deccbd452c8dd208e4ac964cc0a8bbf064c452c37fd21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
65KB

MD5
1a32588e6d36258b080bb32d4d1c544f

SHA1
9e11f773ce43c1085d373a5e6f5c10896b0ed41f

SHA256
6db08101308443758620c6b0360b40b2888c6591e246e979f3117f419b723f23

SHA512
719881f279fed3cfad6bb38fad3cff5a57cd71626d0e7d1e48700f145846b11702a0f226cb6e79fe169a227f3fa7c215fb27536fb2816586f35e861ca2c002c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
64KB

MD5
2f7b01c8baf6e07c48f2eaa0c35a204b

SHA1
fc47e68e4279b7e71566444cd52217af637fa0bc

SHA256
4b18451f2a996cb5041b2912e6e851274b5d10d6141d34626cd170c7db4fe8b4

SHA512
1349bdf20deb9f83701a0aaf038866cf230ea870ccb9f703ccbfe07b42767c59f25b890757b8919f939fc410fe8ef23e313d96754e5821b67e31501bbe28a136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
65KB

MD5
544632b70bc4eeb69a56278cc5bf19df

SHA1
dde426a43b4e60571314dc75b33a6aaae23b9662

SHA256
e086dc2a39189947b4630a8569f7b62f8f7dc13b6da91de3cdfa06b75914b0f2

SHA512
ef78e317ab1ef33eb9ead602d5865cdc7225b1a1ca60b472f90c1e1a5386dba7380e8c424be188a2773c64c2f50ec42fddc28d083f84a0f59b052d862af6e7d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
66KB

MD5
729e88964be678c74ecb99b89a0088d9

SHA1
8e90274843178573616fb912dcff2c7e18f96046

SHA256
f301868a9ab0331d9c59262f477e4874c3cc7bc6306c36c29f4bd50446332ac8

SHA512
a4844bc42b4068130608c8502c202d3d57c131f991200145678464b06549668d7be2bc9ae262c297298d104ec9371ae3b9ce98d9ef7c478e95ee5edc9c8f6180

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\storage\default\https+++sourceforge.net\idb\2672389209aldlro.sqlite
Filesize
48KB

MD5
480be32bd2ef21dbd064cf90971fb617

SHA1
f7938195a0322612bf09d48f1403cfd4acfc7803

SHA256
0866ec165d7ba52025171c9fd90ba2f1f68577d487d575cd0efe5a79c3952eae

SHA512
612fd172104d3bc2b16da9f971e9a22b54104c4645e4356a42beaee8b4fe623d6ec5289fc2a35a6b29d68c0a3110b997df8b9e469129bd64a607f258137f5fe2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
1.4MB

MD5
874fb58bc36d9279bcb2467d4f192eea

SHA1
70c551f8eaa91149f5d1c3dc4f67b8d62fa642af

SHA256
36f9c3446603a5d3c9016105217f79699d24bc3a5541644ccf0c09ef8df8cd95

SHA512
09298cf0d18eab8bba6bf97788f41eb077efea4732fcaf6227d455e9c9334d06d24bb5bef7587f04860c4eb752ab987763d260b317760531fbf33b0485a1f6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
8.6MB

MD5
d050b2467c6b32a152e4fd970422171d

SHA1
5921f1c1e70c0f0e64a02d0add6f19f3f71c3bf6

SHA256
51fc88f27e18bcaa7172d7751c429284a2e31e052ca612fd0f7b49d345f62bf9

SHA512
adc99aff31c5a5e1ce997d7e1e409b6ebfbd6e19b55a733c6c60689c2433c627abf21035ea31bc5b2ab6d2aeb16eaa393e5b236e7d4a0efe9fbd8099383113b2

Download Submit
C:\Users\Admin\Downloads\ProcessMonitor.oiwCKx1s.zip.part
Filesize
96KB

MD5
6bda125e6bbd4984d818fd1b379e1d4f

SHA1
4680e87ab9b072b063be465edcc7acc53b784dce

SHA256
9b0bc627c70fcbb549f1f656ef8ec77bb4d2511e3ed58c4eeee2ddb5713293ca

SHA512
765804882cf1f65c456d7233a1271cdc9705c31f20f392733c3fa8cd2bb405e302e5c683ee56f225d4d65cb62bcdafb304d4bcb513a623cfe24400cbcbfad324

Download Submit
C:\Users\Admin\Downloads\SteamSetup.Hq5o5ePe.exe.part
Filesize
100KB

MD5
7aff3b2ffae2233695e6bef877de46c4

SHA1
1bcf3a37b6b1189487d28501f51f4f52bd413061

SHA256
5ddb9e8878e1be97b09162e67439fd9568d9c55785ff0e8f300e34a3478078e8

SHA512
c623597e07e4c2f9c8099b8cf19990070f3b3585e33cc77ed2df2b5e0579ecf0fd886ea50eaca2646a3810d2cfc10c7b466dd7d226acd87965eb31f5e8076ec7

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe
Filesize
2.2MB

MD5
70f3bc193dfa56b78f3e6e4f800f701f

SHA1
1e5598f2de49fed2e81f3dd8630c7346a2b89487

SHA256
3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1

SHA512
3ffa815fea2fe37c4fde71f70695697d2b21d6d86a53eea31a1bc1256b5777b44ff400954a0cd0653f1179e4b2e63e24e50b70204d2e9a4b8bf3abf8ede040d1

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe
Filesize
2.2MB

MD5
70f3bc193dfa56b78f3e6e4f800f701f

SHA1
1e5598f2de49fed2e81f3dd8630c7346a2b89487

SHA256
3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1

SHA512
3ffa815fea2fe37c4fde71f70695697d2b21d6d86a53eea31a1bc1256b5777b44ff400954a0cd0653f1179e4b2e63e24e50b70204d2e9a4b8bf3abf8ede040d1

Download Submit
C:\Users\Admin\Downloads\api-monitor-v2r13-setup-x64.IZc2SYnY.exe.part
Filesize
12KB

MD5
6ad39fd60d7ef2f012d53bb29b1dfd1f

SHA1
87670943cf0e4ebba23980d5d135f68b942ebd3e

SHA256
7ed36f485874d1d291fa592970ab42acfd52426ed0ab7344d9d77a305d703895

SHA512
ad3530cfddb94ac2135a0433eb0ccef08338482d6e064fe8e5212c4a53bbfb6c47c4e2acaa946fbf9d11d4961e07e5a3296c83c71afbbf761792e80b406cfa8c

Download Submit
C:\Users\Admin\Downloads\snapshot_2023-06-15_13-51.vFMelkGh.zip.part
Filesize
15KB

MD5
b50ed0492f7846fe18dd7659fe0a28c4

SHA1
f30cdf6f6644d6b8950e0852b7ab1bb1c17dfcab

SHA256
1543da4547b55acfe1ac07b84914742c23b053ccc34b4625ec2c4b6e082515ff

SHA512
d30e69901f27e42686369bef55c0a289c5f1914e81fb14c187580a190cb1b45b474fda705d62fd7519669abed04bcbc04d9c4ae75b20d4093d73154bb3d38417

Download Submit
C:\Users\Admin\Downloads\snapshot_2023-06-15_13-51\release\x32\db\1d381bb52634f826.exe.dd32
Filesize
2KB

MD5
178986f5d8fd7dfa9acfe8a6f870c786

SHA1
d6cbf29e4afc2251a784aeb6c341986204ed4f5a

SHA256
1994e5f3bd603f641207a3c1ff75ca055494e55712807f7fbecc00d0eef83d29

SHA512
6b11390a9f8db47c34f148e734d3c1d1ba363eb3176db0c555c50f3cfcc9eec503fa91667389777f53132dab608f0747159759ed56f928596629409a0fe6a905

Download Submit
C:\Users\Admin\Downloads\snapshot_2023-06-15_13-51\release\x32\db\1d381bb52634f826.exe.dd32
Filesize
529B

MD5
9570032b2245008d4db451c11ca73045

SHA1
e577e5835eb0bba3fce0eb504c4ad0518290d063

SHA256
6112afb19403fcd43c2f4fda6afadca20279c8f46ccf43e9e0209fbb03cb24b1

SHA512
38c9c5c3c03cae1320800be23b8320a4728ab7a4821dec2369b8a84587f9615291c0fccbed48d1b15be45804775e08c9ee91b2c2442c7a52f93956d6755bf3eb

Download Submit
C:\Users\Admin\Downloads\snapshot_2023-06-15_13-51\release\x32\temp_E619692.lz4
Filesize
339B

MD5
da2c97b3940fd63fbcd56ab502d4bb9c

SHA1
a94c28c791c396e4cb73c22be081485cca52c454

SHA256
e64f6d791bbd510885462a4dc23b2b1cda501617813c4d8ae5f9f2a6de9f6859

SHA512
acf1ac77d5ce452c6a67fa0d97ee27e4196fc3e9b66714479a136c4c19767ba155f151b4d49f1585abecb87faba17d52e2980d581dce99f38e1417fd4ce2b009

Download Submit
C:\Users\Admin\Downloads\snapshot_2023-06-15_13-51\release\x32\temp_E7C998C.lz4
Filesize
500B

MD5
3f4f920386c6647795e873bfe3c39afc

SHA1
faa184a4783c3a6a2fb21ea13daf1c599e416c1f

SHA256
4c28c723a4d4a88b40b17216a1833738872c483de7a62a455cb70f46096d2e8f

SHA512
56e15048045918479a8c1ab8e80a8e73fd774ea5e3441aed92fcf850a1098bf60b78a2c6ae5cbf356c01df29def0f2040c5f7db6eae55f53573204f643a02282

Download Submit
C:\Users\Admin\Downloads\tool.KOIKj0xf.rar.part
Filesize
18KB

MD5
d38822c8f77cae03c2e3ceb98f58314c

SHA1
34486e279b1ed2f233f279cffff71744a27bf315

SHA256
22ee311bf2620057f55ce4fc4efed20887300cfa0420341b96d5801448a2a1ec

SHA512
f937ca2268c1412239092dac3886df1ed3cd3bfc7d6e39d507493f581c985bfdce56d7fcb29feb733b75760229999a3a7b6c3951ad9c4d55e4854c9b66b7d4ad

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.xSqwIkH4.exe.part
Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
C:\Windows\Installer\MSI9D75.tmp
Filesize
217KB

MD5
f0f5f49b27bd489fe0bcb3bd94d6eca9

SHA1
4e03c60afa2a39efabc6473040a4f5262e8c8a57

SHA256
16adf43e64af3ecc46a9460af85926446bc2aa73dc76ba9b1d7900ef67de9bc7

SHA512
f293edfbd5bc83540b66d9ce6665e7f04c4272dddbebdc1ca6a2eb0ab708e989ca36e1b882ed559ead44c7f9e00349daeb1194faf07a82249589e0706287c338

Download Submit
memory/744-19673-0x0000000000E00000-0x0000000001276000-memory.dmp

Filesize
4.5MB

Download
memory/744-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/744-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1816-19698-0x00007FFAE1C70000-0x00007FFAE1C71000-memory.dmp

Filesize
4KB

Download
memory/1816-19798-0x0000027590220000-0x00000275902CD000-memory.dmp

Filesize
692KB

Download
memory/1984-21610-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1984-22747-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1984-32527-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1984-32415-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1984-21854-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/1984-21611-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/1984-22713-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1984-21640-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2020-21612-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2020-22692-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2020-21641-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2636-31077-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/2636-32544-0x0000000074FE0000-0x0000000075030000-memory.dmp

Filesize
320KB

Download
memory/2636-31236-0x0000000074FE0000-0x0000000075030000-memory.dmp

Filesize
320KB

Download
memory/2636-31076-0x0000000074FE0000-0x0000000075030000-memory.dmp

Filesize
320KB

Download
memory/2764-25618-0x0000000008520000-0x0000000008521000-memory.dmp

Filesize
4KB

Download
memory/2764-25617-0x000000006FD00000-0x000000006FD50000-memory.dmp

Filesize
320KB

Download
memory/2764-25704-0x000000006FD00000-0x000000006FD50000-memory.dmp

Filesize
320KB

Download
memory/4016-25569-0x0000000075010000-0x0000000075060000-memory.dmp

Filesize
320KB

Download
memory/4016-25506-0x0000000075010000-0x0000000075060000-memory.dmp

Filesize
320KB

Download
memory/4016-25316-0x0000000075010000-0x0000000075060000-memory.dmp

Filesize
320KB

Download
memory/4016-25317-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/4108-32394-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4108-22748-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4108-22714-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4108-29071-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/4108-29072-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/4928-19803-0x0000023FFB740000-0x0000023FFB7E9000-memory.dmp

Filesize
676KB

Download
memory/4928-19801-0x0000023FFAD20000-0x0000023FFADED000-memory.dmp

Filesize
820KB

Download
memory/4928-19802-0x0000023FFAE20000-0x0000023FFAECD000-memory.dmp

Filesize
692KB

Download
memory/4928-19715-0x00007FFAE2EF0000-0x00007FFAE2EF1000-memory.dmp

Filesize
4KB

Download
memory/4928-19714-0x00007FFAE1ED0000-0x00007FFAE1ED1000-memory.dmp

Filesize
4KB

Download
memory/5580-20065-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5580-19819-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5580-19788-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5580-19932-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5580-20241-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5580-21394-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5580-20817-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5580-20616-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5580-20544-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5580-20299-0x000000006F170000-0x000000007040E000-memory.dmp

Filesize
18.6MB

Download
memory/5584-25266-0x0000000074F50000-0x0000000074FA0000-memory.dmp

Filesize
320KB

Download
memory/5584-24876-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/5584-24875-0x0000000074F50000-0x0000000074FA0000-memory.dmp

Filesize
320KB

Download
memory/5584-25049-0x0000000074F50000-0x0000000074FA0000-memory.dmp

Filesize
320KB

Download
memory/5820-29490-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/5820-29898-0x0000000074FE0000-0x0000000075030000-memory.dmp

Filesize
320KB

Download
memory/5820-29489-0x0000000074FE0000-0x0000000075030000-memory.dmp

Filesize
320KB

Download
memory/5820-29639-0x0000000074FE0000-0x0000000075030000-memory.dmp

Filesize
320KB

Download
memory/5904-23751-0x0000000075000000-0x0000000075050000-memory.dmp

Filesize
320KB

Download
memory/5904-24235-0x0000000075000000-0x0000000075050000-memory.dmp

Filesize
320KB

Download
memory/5904-23543-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

Filesize
4KB

Download
memory/5904-23542-0x0000000075000000-0x0000000075050000-memory.dmp

Filesize
320KB

Download
memory/6012-32523-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/6012-32411-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/6744-19795-0x000001EAEA9E0000-0x000001EAEAA89000-memory.dmp

Filesize
676KB

Download
memory/7148-24467-0x0000000074F50000-0x0000000074FA0000-memory.dmp

Filesize
320KB

Download
memory/7148-24262-0x0000000074F50000-0x0000000074FA0000-memory.dmp

Filesize
320KB

Download
memory/7148-24263-0x0000000000E30000-0x0000000000E31000-memory.dmp

Filesize
4KB

Download