Analysis
- max time kernel: 1049s
- max time network: 1047s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18-06-2024 13:27
Static task: static1
Behavioral task: behavioral1
- Sample: launcher.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: launcher.exe
- Resource: win10v2004-20240508-en
General
- Target: launcher.exe
- Size: 18.7MB
- MD5: 0acf19965db8bae72e6f1c5340dae835
- SHA1: d45dde66573a95438f490b0ed54d4b74d92395f8
- SHA256: 6f4116063989406b5693d9ca3e51ca88fbac7d974cb1b411d0219c665256fc2f
- SHA512: 8948732ec89e8a36ab8066c10ae6239c548d085901c2352f766a10d52ed1e11bf9580d52af11ced0455630661b9ae91d4b9fbcc3295b4f29685e02b7b3ffe383
- SSDEEP: 393216:YbUB1Gp17zeKX+FNLZvH1yKtNXxP0qkywY2/iM834:W2KuFNtH13NhzkywY2/s34
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
Key value queried by steamwebhelper.exe (4 entries): \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation
-
Executes dropped EXE 19 IoCs
Processes:
SteamSetup.exe (PID 5596)
steamservice.exe (PID 3108)
steam.exe (PIDs 1924, 11816)
steamwebhelper.exe (PIDs 11872, 11908, 12072, 12132, 12328, 12408, 13268, 1144, 8180, 7300)
gldriverquery64.exe (PID 5548)
gldriverquery.exe (PID 13016)
vulkandriverquery64.exe (PID 13076)
vulkandriverquery.exe (PID 13132)
steamerrorreporter.exe (PID 5800)
-
Loads dropped DLL 64 IoCs
Processes:
SteamSetup.exe (PID 5596)
steam.exe (PID 11816)
steamwebhelper.exe (PIDs 11872, 11908, 12072, 12132, 12328, 12408, 13268, 1144, 8180, 7300)
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
SteamSetup.exe
Set value (str): \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
launcher.exe (PID 1508)
-
Drops file in Program Files directory 64 IoCs
Processes:
steam.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
-
Program crash 1 IoCs
Processes:
WerFault.exe (PID 3244), target process launcher.exe (PID 1508)
-
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
steamwebhelper.exe, steam.exe, steam.exe
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (steamwebhelper.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (steamwebhelper.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (steam.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (steam.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (steam.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (steam.exe)
Key opened: \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (steam.exe)
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
-
Kills process with taskkill 6 IoCs
Processes:
taskkill.exe (PIDs 764, 2304, 4964, 3712, 2432, 3908)
-
Modifies registry class 41 IoCs
Processes:
steamservice.exe, msedge.exe
-
NTFS ADS 1 IoCs
Processes:
msedge.exe
File opened for modification: C:\Users\Admin\Downloads\Unconfirmed 679227.crdownload:SmartScreen
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
launcher.exe (PID 1508)
msedge.exe (PIDs 3892, 4916, 5260, 5272, 5876)
identity_helper.exe (PID 1020)
SteamSetup.exe (PID 5596)
steam.exe (PID 11816)
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes:
steam.exe (PID 11816)
osk.exe (PID 8012)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
Processes:
msedge.exe (PID 4916)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
Token: SeDebugPrivilege: taskkill.exe (PIDs 2432, 3908, 764, 2304, 4964, 3712)
Token: SeSecurityPrivilege: steamservice.exe (PID 3108)
Token: SeShutdownPrivilege: steamwebhelper.exe (PID 11872)
Token: SeCreatePagefilePrivilege: steamwebhelper.exe (PID 11872)
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
msedge.exe (PID 4916)
steamwebhelper.exe (PID 11872)
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
msedge.exe (PID 4916)
steamwebhelper.exe (PID 11872)
-
Suspicious use of SetWindowsHookEx 9 IoCs
Processes:
steam.exe (PID 11816)
osk.exe (PID 8012)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
launcher.exe (PID 1508) wrote to memory of cmd.exe (PIDs 1128, 1412, 1392, 3980, 4968, 4840)
cmd.exe (PID 1128) wrote to memory of taskkill.exe (PID 2432)
cmd.exe (PID 1412) wrote to memory of taskkill.exe (PID 3908)
cmd.exe (PID 1392) wrote to memory of taskkill.exe (PID 764)
cmd.exe (PID 3980) wrote to memory of taskkill.exe (PID 2304)
cmd.exe (PID 4968) wrote to memory of taskkill.exe (PID 4964)
cmd.exe (PID 4840) wrote to memory of taskkill.exe (PID 3712)
msedge.exe (PID 4916) wrote to memory of msedge.exe (PIDs 3352, 972)
Processes
-
C:\Users\Admin\AppData\Local\Temp\launcher.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\launcher.exe"
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
  -
  C:\Windows\SysWOW64\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c taskkill /F /IM chrome.exe > nul 2>&1
  - Suspicious use of WriteProcessMemory
    -
    C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /F /IM chrome.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  -
  C:\Windows\SysWOW64\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c taskkill /F /IM opera.exe > nul 2>&1
  - Suspicious use of WriteProcessMemory
    -
    C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /F /IM opera.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  -
  C:\Windows\SysWOW64\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c taskkill /F /IM msedge.exe > nul 2>&1
  - Suspicious use of WriteProcessMemory
    -
    C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /F /IM msedge.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  -
  C:\Windows\SysWOW64\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c taskkill /F /IM brave.exe > nul 2>&1
  - Suspicious use of WriteProcessMemory
    -
    C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /F /IM brave.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  -
  C:\Windows\SysWOW64\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c taskkill /F /IM chromium.exe > nul 2>&1
  - Suspicious use of WriteProcessMemory
    -
    C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /F /IM chromium.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  -
  C:\Windows\SysWOW64\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c taskkill /F /IM steam.exe > nul 2>&1
  - Suspicious use of WriteProcessMemory
    -
    C:\Windows\SysWOW64\taskkill.exe
    Command line: taskkill /F /IM steam.exe
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
  -
  C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 668
  - Program crash
-
C:\Windows\SysWOW64\WerFault.exe
Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1508 -ip 1508
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bcc846f8,0x7ff9bcc84708,0x7ff9bcc847182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5512 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3632 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6300 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6604 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\SteamSetup.exe"C:\Users\Admin\Downloads\SteamSetup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Steam\bin\steamservice.exe"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7822751929914165278,6733653499678371127,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6768 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Steam\steam.exe"C:\Program Files (x86)\Steam\steam.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Checks processor information in registry
-
C:\Program Files (x86)\Steam\steam.exe"C:\Program Files (x86)\Steam\steam.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=11816" "-buildid=1718305227" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1718305227 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ff9bda7ee38,0x7ff9bda7ee48,0x7ff9bda7ee584⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718305227 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1584 --field-trial-handle=1724,i,13813855987914384437,11004661656763994212,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718305227 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2236 --field-trial-handle=1724,i,13813855987914384437,11004661656763994212,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718305227 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2504 --field-trial-handle=1724,i,13813855987914384437,11004661656763994212,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718305227 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1724,i,13813855987914384437,11004661656763994212,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718305227 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1724,i,13813855987914384437,11004661656763994212,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718305227 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3712 --field-trial-handle=1724,i,13813855987914384437,11004661656763994212,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718305227 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1912 --field-trial-handle=1724,i,13813855987914384437,11004661656763994212,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1718305227 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=4076 --field-trial-handle=1724,i,13813855987914384437,11004661656763994212,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Steam\bin\gldriverquery64.exe.\bin\gldriverquery64.exe3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Steam\bin\gldriverquery.exe.\bin\gldriverquery.exe3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe.\bin\vulkandriverquery64.exe3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe.\bin\vulkandriverquery.exe3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Steam\steamerrorreporter.exeC:\Program Files (x86)\Steam\steam3⤵
- Executes dropped EXE
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x338 0x4901⤵
-
C:\Windows\system32\osk.exe"C:\Windows\system32\osk.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Event Triggered Execution: 1
- Accessibility Features: 1
Downloads
-
C:\Program Files (x86)\Steam\Steam.exe
Filesize: 4.2MB
-
C:\Program Files (x86)\Steam\bin\SteamService.exe
Filesize: 2.5MB
-
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_
Filesize: 15KB
-
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_
Filesize: 20KB
-
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_
Filesize: 23B
-
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt
Filesize: 4KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt
Filesize: 6KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt
Filesize: 4KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt
Filesize: 4KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt
Filesize: 4KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt
Filesize: 4KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt
Filesize: 4KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt
Filesize: 4KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt
Filesize: 4KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt
Filesize: 6KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt
Filesize: 4KB
-
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txtFilesize
4KB
MD51514d082b672b372cdfb8dd85c3437f1
SHA1336a01192edb76ae6501d6974b3b6f0c05ea223a
SHA2563b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4
SHA5124d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55
-
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txtFilesize
4KB
MD58958371646901eac40807eeb2f346382
SHA155fb07b48a3e354f7556d7edb75144635a850903
SHA256b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585
SHA51214c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554
-
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txtFilesize
5KB
MD57e1d15fc9ba66a868c5c6cb1c2822f83
SHA1bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7
SHA256fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265
SHA5120892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406
-
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txtFilesize
4KB
MD5202b825d0ef72096b82db255c4e747fa
SHA13a3265e5bbaa1d1b774195a3858f29cea75c9e75
SHA2563d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314
SHA512e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566
-
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txtFilesize
4KB
MD57913f3f33839e3af9e10455df69866c2
SHA115fa957d0a6a2717027f5b35f4dbe5e0ab8ece25
SHA25605bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c
SHA512534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804
-
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txtFilesize
4KB
MD558e0fcbee3cca4ef61b97928cfe89535
SHA11297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b
SHA256c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425
SHA51299aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2
-
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txtFilesize
4KB
MD59b0b0e82f753cc115d87c7199885ad1b
SHA15743a4ab58684c1f154f84895d87f000b4e98021
SHA2560bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32
SHA512b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df
-
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txtFilesize
4KB
MD5eb8926608c5933f05a3f0090e551b15d
SHA1a1012904d440c0e74dad336eac8793ac110f78f8
SHA2562ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04
SHA5129113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a
-
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txtFilesize
4KB
MD56367f43ea3780c4ee166454f5936b1a8
SHA1027a2c24c8320458c49cd78053f586cb4d94ee6f
SHA256f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998
SHA51231aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32
-
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txtFilesize
6KB
MD5e04ad6c236b6c61fc53e2cb57ced87e8
SHA1e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4
SHA25608c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e
SHA5120dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331
-
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txtFilesize
4KB
MD556dcf7b68f70826262a6ffaffe6b1c49
SHA112e4272ba0e4eabc610670cdc6941f942da1eb6a
SHA256948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f
SHA512c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2
-
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txtFilesize
4KB
MD566456d2b1085446a9f2dbd9e4632754b
SHA18da6248b57e5c2970d853b8d21373772a34b1c28
SHA256c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4
SHA512196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49
-
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txtFilesize
4KB
MD5b2248784049e1af0c690be2af13a4ef3
SHA1aec7461fa46b7f6d00ff308aa9d19c39b934c595
SHA2564bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690
SHA512f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c
-
C:\Program Files (x86)\Steam\public\steambootstrapper_tchinese.txtFilesize
4KB
MD5194a73f900a3283da4caa6c09fefcb08
SHA1a7a8005ca77b9f5d9791cb66fcdf6579763b2abb
SHA2565e4f2de5ee98d5d76f5d76fb925417d6668fba08e89f7240f923f3378e3e66f6
SHA51225842535c165d48f4cf4fa7fd06818ec5585cc3719eff933f5776a842713d7adb5667c3b9b1a122a1152450e797535fc7a8e97ebdd31c14b4d4900a33ede01f3
-