Overview

overview

8

Static

static

1

SteelSerie...up.exe

windows10-1703-x64

8

$_45_/driver/$R0.dll

windows10-1703-x64

5

apps/engin...64.dll

windows10-1703-x64

5

apps/engin...64.dll

windows10-1703-x64

5

Analysis

  • max time kernel
    703s
  • max time network
    720s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11-07-2024 10:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SteelSeriesGG66.0.0Setup.exe

  • Size

    365.0MB

  • MD5

    b339f39200e9b0c91d4c25a1df165e68

  • SHA1

    01e9f826e9752b496511a337fdce4cad94afdb45

  • SHA256

    b48981cacda09af3e47a1bf322949b7a12749f93a2fbc2b63b33aae5563ad848

  • SHA512

    9a80f45e5e60fb12043a9e6ef878142579eba503f534ffc66250eec3443906d7efc07c71046d2fa10d8a0de5e7c2c45d96d6df11afd42f41d6d93fe3d2e38eaf

  • SSDEEP

    6291456:A7bqNm881Aa0+oMmConAckfKlP7hOSlnqN3AK4ildp6OvBn/tlPzaDHr:AqaShlMmCrckiBhRna3nldtB/PPUL

Score
8/10
discoveryevasionexecutionpersistenceprivilege_escalationupx

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Stops running service(s) 4 TTPs
    evasionexecution
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks computer location settings 2 TTPs 10 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 53 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates processes with tasklist 1 TTPs 3 IoCs
  • Kills process with taskkill 22 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 14 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\SteelSeriesGG66.0.0Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\SteelSeriesGG66.0.0Setup.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:500
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /t /im "SteelSeriesGG.exe"
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2852
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c tasklist /nh /fi "imagename eq SteelSeriesGG.exe" | find /i "SteelSeriesGG.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist /nh /fi "imagename eq SteelSeriesGG.exe"
        3⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:4904
      • C:\Windows\SysWOW64\find.exe
        find /i "SteelSeriesGG.exe"
        3⤵
          PID:3912
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /t /im "SteelSeriesGGMain.exe"
        2⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:5068
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c tasklist /nh /fi "imagename eq SteelSeriesGGMain.exe" | find /i "SteelSeriesGGMain.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1720
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist /nh /fi "imagename eq SteelSeriesGGMain.exe"
          3⤵
          • Enumerates processes with tasklist
          • Suspicious use of AdjustPrivilegeToken
          PID:3592
        • C:\Windows\SysWOW64\find.exe
          find /i "SteelSeriesGGMain.exe"
          3⤵
            PID:1264
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesGG.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3764
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesGGMain.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1804
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesEngine.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1532
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesEngine3.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:364
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesGGClient.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:212
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesEngine3Client.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2800
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SSOverlay.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3188
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesEngine.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:5060
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM gamesense-discord-x64.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4248
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM AudioSync.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4180
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesSystemMonitorLauncher.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4396
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM runStatsElevated.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1480
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesCaptureSvc.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4548
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM moments.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:208
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesCVGameSense.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2012
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesSonar.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1268
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesPrism.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1752
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeriesPrismSync.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2412
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM SteelSeries3DATLauncher.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1960
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /IM 3dat.exe /T /F
          2⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2600
        • C:\Windows\SysWOW64\sc.exe
          sc stop SteelSeriesUpdateService
          2⤵
          • Launches sc.exe
          PID:2420
        • C:\Windows\SysWOW64\sc.exe
          sc delete SteelSeriesUpdateService
          2⤵
          • Launches sc.exe
          PID:3344
        • C:\Windows\SysWOW64\sc.exe
          sc stop SteelSeriesGGUpdateServiceProxy
          2⤵
          • Launches sc.exe
          PID:3796
        • C:\Windows\SysWOW64\sc.exe
          sc delete SteelSeriesGGUpdateServiceProxy
          2⤵
          • Launches sc.exe
          PID:832
        • C:\Windows\SysWOW64\robocopy.exe
          robocopy /e /copy:DATSO "C:\Program Files\SteelSeries\GG\apps\engine\html" "C:\Program Files\SteelSeries\GG\apps\moments\html"
          2⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2576
        • C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\steelseriesengine-dxredist\dxsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\steelseriesengine-dxredist\dxsetup.exe" /silent
          2⤵
          • Drops file in Windows directory
          • Executes dropped EXE
          PID:4432
          • C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver
            3⤵
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Executes dropped EXE
            PID:6164
          • C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\infinst.exe d3dx11_43_x64.inf
            3⤵
            • Drops file in System32 directory
            • Executes dropped EXE
            PID:7064
          • C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\infinst.exe D3DCompiler_43_x64.inf
            3⤵
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Executes dropped EXE
            PID:7244
        • C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\steelseriesengine-vcredist-2022\vcredist_x86.exe
          "C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\steelseriesengine-vcredist-2022\vcredist_x86.exe" /install /quiet /norestart
          2⤵
          • Executes dropped EXE
          PID:7616
          • C:\Windows\Temp\{3A6E84B0-E15D-400F-81A6-765800E6CC30}\.cr\vcredist_x86.exe
            "C:\Windows\Temp\{3A6E84B0-E15D-400F-81A6-765800E6CC30}\.cr\vcredist_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\steelseriesengine-vcredist-2022\vcredist_x86.exe" -burn.filehandle.attached=544 -burn.filehandle.self=540 /install /quiet /norestart
            3⤵
            • Executes dropped EXE
            PID:7644
            • C:\Windows\Temp\{6EF20E4F-9F91-43BC-A2A8-3BDA6B1B3592}\.be\VC_redist.x86.exe
              "C:\Windows\Temp\{6EF20E4F-9F91-43BC-A2A8-3BDA6B1B3592}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{FD0897CE-BB79-4235-96DF-283ABE77F3C8} {5CB227DF-5DF5-49E1-83FB-C2BDE5E90798} 7644
              4⤵
              • Adds Run key to start application
              • Executes dropped EXE
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              PID:7872
              • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
                "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={4f84f2dc-3f70-433a-8f50-8293e0089b0f} -burn.filehandle.self=980 -burn.embedded BurnPipe.{BDF09071-EB61-43F7-91B4-BC604420EF37} {12EA4EA8-B629-41E0-AD89-DBCA37920E94} 7872
                5⤵
                  PID:7172
                  • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
                    "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=528 -burn.filehandle.self=184 -uninstall -quiet -burn.related.upgrade -burn.ancestors={4f84f2dc-3f70-433a-8f50-8293e0089b0f} -burn.filehandle.self=980 -burn.embedded BurnPipe.{BDF09071-EB61-43F7-91B4-BC604420EF37} {12EA4EA8-B629-41E0-AD89-DBCA37920E94} 7872
                    6⤵
                      PID:7148
                      • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
                        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{E06C719B-9C57-4699-899D-95697D083A06} {4858A67E-FC5A-4304-BFEC-CA5E53CC1C1B} 7148
                        7⤵
                          PID:6932
              • C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\steelseriesengine-vcredist-2022\vcredist_x64.exe
                "C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\steelseriesengine-vcredist-2022\vcredist_x64.exe" /install /quiet /norestart
                2⤵
                • Executes dropped EXE
                PID:6560
                • C:\Windows\Temp\{4144F9AE-1772-40B9-93F4-DFFE874575AF}\.cr\vcredist_x64.exe
                  "C:\Windows\Temp\{4144F9AE-1772-40B9-93F4-DFFE874575AF}\.cr\vcredist_x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\steelseriesengine-vcredist-2022\vcredist_x64.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 /install /quiet /norestart
                  3⤵
                  • Executes dropped EXE
                  PID:6532
                  • C:\Windows\Temp\{80423B88-F6CF-4A55-AD7D-4271BBDB195C}\.be\VC_redist.x64.exe
                    "C:\Windows\Temp\{80423B88-F6CF-4A55-AD7D-4271BBDB195C}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{DCA8DAC4-8D85-4490-9F2B-5125A7DDD159} {6125D024-A3FB-4FA2-92FC-400D7967B8E1} 6532
                    4⤵
                    • Adds Run key to start application
                    • Executes dropped EXE
                    PID:6308
                    • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                      "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d92971ab-f030-43c8-8545-c66c818d0e05} -burn.filehandle.self=888 -burn.embedded BurnPipe.{03FB4300-441C-429F-A1D0-2CB7D3AA62D5} {27BB6A57-A254-405A-8F7F-FBF187FFAD2C} 6308
                      5⤵
                        PID:5884
                        • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                          "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=512 -burn.filehandle.self=532 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d92971ab-f030-43c8-8545-c66c818d0e05} -burn.filehandle.self=888 -burn.embedded BurnPipe.{03FB4300-441C-429F-A1D0-2CB7D3AA62D5} {27BB6A57-A254-405A-8F7F-FBF187FFAD2C} 6308
                          6⤵
                            PID:5864
                            • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                              "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{66F2F951-A1FB-4AA1-BE99-619F9FDBF8F6} {04594CE6-0253-47DF-A6F3-80B904275268} 5864
                              7⤵
                                PID:5664
                    • C:\Program Files\SteelSeries\GG\shared\InstallUtil.exe
                      "C:\Program Files\SteelSeries\GG\shared\InstallUtil.exe" "C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe"
                      2⤵
                      • Executes dropped EXE
                      PID:5284
                    • C:\Program Files\SteelSeries\GG\apps\engine\driver\win_driver_installer.exe
                      "C:\Program Files\SteelSeries\GG\apps\engine\driver\win_driver_installer" -installPath="C:\Program Files\SteelSeries\GG\apps\engine" -u -new -progressStart=45 -progressEnd=55
                      2⤵
                      • Executes dropped EXE
                      PID:6164
                      • C:\Program Files\SteelSeries\GG\apps\engine\driver\computerhardwareids.exe
                        "C:\Program Files\SteelSeries\GG\apps\engine\driver\computerhardwareids.exe"
                        3⤵
                        • Executes dropped EXE
                        PID:2128
                      • C:\Windows\system32\pnputil.exe
                        pnputil /enum-drivers
                        3⤵
                          PID:3956
                        • C:\Windows\system32\pnputil.exe
                          pnputil /enum-drivers
                          3⤵
                            PID:3100
                        • C:\Program Files\SteelSeries\GG\apps\engine\driver\win_driver_installer.exe
                          "C:\Program Files\SteelSeries\GG\apps\engine\driver\win_driver_installer.exe" -installPath="C:\Program Files\SteelSeries\GG\apps\engine" -v -new -progressStart=55 -progressEnd=85
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Executes dropped EXE
                          • Checks SCSI registry key(s)
                          PID:1472
                          • C:\Program Files\SteelSeries\GG\apps\engine\driver\computerhardwareids.exe
                            "C:\Program Files\SteelSeries\GG\apps\engine\driver\computerhardwareids.exe"
                            3⤵
                            • Executes dropped EXE
                            PID:1112
                        • C:\Program Files\SteelSeries\GG\apps\engine\driver\win_driver_installer.exe
                          "C:\Program Files\SteelSeries\GG\apps\engine\driver\win_driver_installer.exe" -installPath="C:\Program Files\SteelSeries\GG\apps\engine" -v -new -progressStart=55 -progressEnd=85
                          2⤵
                          • Executes dropped EXE
                          PID:4164
                          • C:\Program Files\SteelSeries\GG\apps\engine\driver\computerhardwareids.exe
                            "C:\Program Files\SteelSeries\GG\apps\engine\driver\computerhardwareids.exe"
                            3⤵
                            • Executes dropped EXE
                            PID:2260
                        • C:\Program Files\SteelSeries\GG\apps\sonar\driver\apoDriverPackage\Sonar.AgsSetup.exe
                          "C:\Program Files\SteelSeries\GG\apps\sonar\driver\apoDriverPackage\Sonar.AgsSetup.exe" "Game" "ChatRender" "ChatCapture" "Media" "Aux"
                          2⤵
                          • Executes dropped EXE
                          PID:7456
                        • C:\Program Files\SteelSeries\GG\apps\sonar\driver\Sonar.DevInst.exe
                          "C:\Program Files\SteelSeries\GG\apps\sonar\driver\Sonar.DevInst.exe" add --device-hwid "ROOT\VEN_SSGG&DEV_0001" --inf "C:\Program Files\SteelSeries\GG\apps\sonar\driver\vad\SteelSeries-Sonar-VAD.inf" --inf "C:\Program Files\SteelSeries\GG\apps\sonar\driver\apoDriverPackage\Sonar.Apo.inf" --inf "C:\Program Files\SteelSeries\GG\apps\sonar\driver\vad\SteelSeries-Sonar-VAD-Extension.inf"
                          2⤵
                          • Drops file in Windows directory
                          • Executes dropped EXE
                          • Checks SCSI registry key(s)
                          PID:7416
                        • C:\Program Files\SteelSeries\GG\apps\sonar\driver\Sonar.DevInst.exe
                          "C:\Program Files\SteelSeries\GG\apps\sonar\driver\Sonar.DevInst.exe" register --cat="sonar.apo.cat" --com="Sonar.APO.dll" --com="Sonar.APOAPI.dll" --inf "C:\Program Files\SteelSeries\GG\apps\sonar\driver\apoDriverPackage\Sonar.Apo.inf"
                          2⤵
                          • Executes dropped EXE
                          • Modifies registry class
                          PID:6592
                        • C:\Windows\system32\regsvr32.exe
                          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\SteelSeries\GG\apps\engine\AudioDeviceFXPluginAPI.x64.dll"
                          2⤵
                          • Modifies registry class
                          PID:768
                        • C:\Windows\system32\regsvr32.exe
                          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\SteelSeries\GG\apps\engine\AudioDeviceManagerAPI.x64.dll"
                          2⤵
                          • Modifies registry class
                          PID:1468
                        • C:\Windows\system32\regsvr32.exe
                          "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\SteelSeries\GG\apps\engine\SSAudioNineEarsAPI.x64.dll"
                          2⤵
                          • Modifies registry class
                          PID:6568
                        • C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe
                          "C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe" -env production -path="C:\ProgramData\SteelSeries\GG\apps\engine\db" up --outOfOrder
                          2⤵
                          • Executes dropped EXE
                          PID:6300
                        • C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe
                          "C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe" -env production -path="C:\ProgramData\SteelSeries\GG\db\migratedTables" up --outOfOrder
                          2⤵
                          • Executes dropped EXE
                          PID:4928
                        • C:\ProgramData\SteelSeries\GG\GGTableMigrations.exe
                          "GGTableMigrations.exe" -dbEnv="$DBENV" -ggDbPath="C:\ProgramData\SteelSeries\GG\db" -engineDbPath="C:\ProgramData\SteelSeries\GG\apps\engine\db"
                          2⤵
                          • Executes dropped EXE
                          PID:4652
                        • C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe
                          "C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe" -env production -path="C:\ProgramData\SteelSeries\GG\apps\moments\db" up
                          2⤵
                          • Executes dropped EXE
                          PID:3436
                        • C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe
                          "C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe" -env production -path="C:\ProgramData\SteelSeries\GG\db" up
                          2⤵
                          • Executes dropped EXE
                          PID:584
                        • C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe
                          "C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe" --dbPath="C:\ProgramData\SteelSeries\GG\apps\sonar\db\database.db" --dbMigration="C:\Program Files\SteelSeries\GG\apps\sonar\db-migrations" --dbDriver="sqlite3" up
                          2⤵
                          • Executes dropped EXE
                          PID:7756
                        • C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe
                          "C:\ProgramData\SteelSeries\GG\shared\goose-sqlite.exe" --dbPath="C:\ProgramData\SteelSeries\GG\apps\engine\prism\db\database.db" --dbMigration="C:\ProgramData\SteelSeries\GG\apps\engine\prism\db\migrations" --dbDriver="sqlite3" up
                          2⤵
                          • Executes dropped EXE
                          PID:1732
                        • C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
                          "SteelSeriesEngine.exe" -init=true -dataPath="C:\ProgramData\SteelSeries\GG\apps\engine" -momentsDataPath="C:\ProgramData\SteelSeries\GG\apps\moments" -installPath="C:\Program Files\SteelSeries\GG\apps\engine" -sharedDataPath="C:\ProgramData\SteelSeries\GG\shared" -dbEnv=production -setlocale="system_default"
                          2⤵
                          • Executes dropped EXE
                          PID:6996
                      • C:\Windows\system32\vssvc.exe
                        C:\Windows\system32\vssvc.exe
                        1⤵
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1768
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
                        1⤵
                        • Drops file in Windows directory
                        • Checks SCSI registry key(s)
                        • Modifies data under HKEY_USERS
                        PID:4188
                      • C:\Windows\system32\srtasks.exe
                        C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
                        1⤵
                        • Suspicious use of AdjustPrivilegeToken
                        PID:4900
                      • C:\Windows\system32\msiexec.exe
                        C:\Windows\system32\msiexec.exe /V
                        1⤵
                        • Enumerates connected drives
                        • Drops file in System32 directory
                        • Drops file in Windows directory
                        • Modifies data under HKEY_USERS
                        • Modifies registry class
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of AdjustPrivilegeToken
                        PID:7964
                      • \??\c:\windows\system32\svchost.exe
                        c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
                        1⤵
                        • Drops file in Windows directory
                        • Checks SCSI registry key(s)
                        PID:4724
                        • C:\Windows\system32\DrvInst.exe
                          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{039e8d5b-2e62-b74b-b5fa-a74020d7cc49}\ssdevfactory.inf" "9" "47433c933" "000000000000016C" "WinSta0\Default" "0000000000000168" "208" "c:\program files\steelseries\gg\apps\engine\driver\win10\amd64"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Checks SCSI registry key(s)
                          • Modifies data under HKEY_USERS
                          PID:1704
                        • C:\Windows\system32\DrvInst.exe
                          DrvInst.exe "2" "11" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem3.inf" "ssdevfactory.inf:c14ce88427b98aea:ssdevfactory_Device:1.3.2.0:root\ssdevfactory," "47433c933" "000000000000016C"
                          2⤵
                          • Drops file in Drivers directory
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Checks SCSI registry key(s)
                          PID:4864
                        • C:\Windows\system32\DrvInst.exe
                          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{26aacd92-f4a3-2444-b8f7-895d081386af}\sshid.inf" "9" "4c4d75087" "0000000000000188" "WinSta0\Default" "00000000000001A0" "208" "C:\Program Files\SteelSeries\GG\apps\engine\driver\Win10\amd64"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Checks SCSI registry key(s)
                          • Modifies data under HKEY_USERS
                          PID:316
                        • C:\Windows\system32\DrvInst.exe
                          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{20c26d01-3e12-5745-bc6e-697ba233dd48}\ssbthid.inf" "9" "4f778285b" "000000000000019C" "WinSta0\Default" "000000000000016C" "208" "C:\Program Files\SteelSeries\GG\apps\engine\driver\Win10\amd64"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Checks SCSI registry key(s)
                          • Modifies data under HKEY_USERS
                          PID:3932
                        • C:\Windows\system32\DrvInst.exe
                          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{29f82ba3-f674-a045-ada5-265c20ad1c8c}\SteelSeries-Sonar-VAD.inf" "9" "4a207103b" "000000000000016C" "WinSta0\Default" "000000000000018C" "208" "C:\Program Files\SteelSeries\GG\apps\sonar\driver\vad"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Checks SCSI registry key(s)
                          • Modifies data under HKEY_USERS
                          PID:7600
                        • C:\Windows\system32\DrvInst.exe
                          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{7dc142de-2f52-3046-9840-7fa6da9301bd}\Sonar.Apo.inf" "9" "4c36a1233" "000000000000018C" "WinSta0\Default" "0000000000000170" "208" "C:\Program Files\SteelSeries\GG\apps\sonar\driver\apoDriverPackage"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Checks SCSI registry key(s)
                          • Modifies data under HKEY_USERS
                          PID:4208
                        • C:\Windows\system32\DrvInst.exe
                          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{602977f4-f473-e14c-ac86-6660c9d7d3d9}\SteelSeries-Sonar-VAD-Extension.inf" "9" "4d200db6f" "0000000000000170" "WinSta0\Default" "000000000000019C" "208" "C:\Program Files\SteelSeries\GG\apps\sonar\driver\vad"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Checks SCSI registry key(s)
                          • Modifies data under HKEY_USERS
                          PID:7060
                        • C:\Windows\system32\DrvInst.exe
                          DrvInst.exe "2" "11" "ROOT\MEDIA\0000" "C:\Windows\INF\oem6.inf" "steelseries-sonar-vad.inf:ed86ca11e3ffeac2:SteelSeries_Sonar_VAD_SA:5.54.34.69:root\ven_ssgg&dev_0001,oem8.inf:ed86ca1120eead08:DeviceExtension_Install:5.54.34.9:root\ven_ssgg&dev_0001" "42f70be7b" "000000000000016C"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Checks SCSI registry key(s)
                          • Modifies data under HKEY_USERS
                          • Modifies registry class
                          PID:6800
                      • C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
                        "C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe" -dataPath="C:\ProgramData\SteelSeries\GG" -installPath="C:\Program Files\SteelSeries\GG" -dbEnv=production
                        1⤵
                        • Executes dropped EXE
                        • Modifies system certificate store
                        • Suspicious use of FindShellTrayWindow
                        • Suspicious use of SendNotifyMessage
                        PID:7872
                        • C:\Windows\system32\sc.exe
                          C:\Windows\system32\sc.exe query SteelSeriesGGUpdateServiceProxy
                          2⤵
                          • Launches sc.exe
                          PID:4412
                        • C:\Windows\system32\rundll32.exe
                          C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler https://steelseries.com/gg/welcome/2j4p31NXQfLFfVUtwlM5HvtHKZT
                          2⤵
                          • Checks computer location settings
                          PID:6588
                        • C:\Program Files\SteelSeries\GG\cvgamesense\SteelSeriesCVGameSense.exe
                          "C:\Program Files\SteelSeries\GG\cvgamesense\SteelSeriesCVGameSense.exe" --register APEX_LEGENDS BRAWLHALLA CALL_OF_DUTY DESTINY_2 DIABLO_IV ESCAPE_FROM_TARKOV FALL_GUYS FORTNITE GENSHIN_IMPACT HELLDIVERS_2 OVERWATCH RAINBOW_SIX_SIEGE ROCKET_LEAGUE VALORANT VOICE_DETECT --loglevel INFO --logpath C:\ProgramData\SteelSeries\GG\Logs\cvgamesense-log.txt
                          2⤵
                          • Executes dropped EXE
                          PID:5424
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /c "ver"
                            3⤵
                              PID:5264
                          • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                            "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" C:\ProgramData\SteelSeries\GG\coreProps.json ""
                            2⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            • Modifies registry class
                            PID:5404
                            • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                              "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1448 --field-trial-handle=1628,i,7071589195079081149,10892775608080143121,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                              3⤵
                              • Executes dropped EXE
                              PID:4756
                            • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                              "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --mojo-platform-channel-handle=1876 --field-trial-handle=1628,i,7071589195079081149,10892775608080143121,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                              3⤵
                              • Executes dropped EXE
                              PID:3432
                            • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                              "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1628,i,7071589195079081149,10892775608080143121,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                              3⤵
                              • Executes dropped EXE
                              PID:4484
                          • C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
                            "C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe" -dbEnv=production -momentsDataPath=C:\ProgramData\SteelSeries\GG\apps\moments
                            2⤵
                            • Executes dropped EXE
                            • Modifies system certificate store
                            PID:692
                            • C:\Program Files\SteelSeries\GG\apps\moments\gsdk-vulkan-init.exe
                              "C:\Program Files\SteelSeries\GG\apps\moments\gsdk-vulkan-init.exe"
                              3⤵
                              • Executes dropped EXE
                              PID:2296
                            • C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe
                              "C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe" -dbEnv=production -prismSyncV2OnlyWhitelistedDevices
                              3⤵
                              • Executes dropped EXE
                              PID:7260
                            • C:\Program Files\SteelSeries\GG\apps\moments\SteelSeriesSvcLauncher.exe
                              "C:\Program Files\SteelSeries\GG\apps\moments\SteelSeriesSvcLauncher.exe" \\.\pipe\876ea6d6-7469-4457-9c11-fcae748deebd "C:\Program Files\SteelSeries\GG\apps\moments\gsdk.dll"
                              3⤵
                              • Executes dropped EXE
                              PID:5680
                          • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                            "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" C:\ProgramData\SteelSeries\GG\coreProps.json
                            2⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            PID:7924
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /d /s /c "tasklist /fi "IMAGENAME eq SteelSeriesEngine.exe""
                              3⤵
                                PID:8188
                                • C:\Windows\SysWOW64\tasklist.exe
                                  tasklist /fi "IMAGENAME eq SteelSeriesEngine.exe"
                                  4⤵
                                  • Enumerates processes with tasklist
                                  PID:7384
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1688,i,8403428916932990964,2120836628282033857,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                3⤵
                                • Executes dropped EXE
                                PID:8008
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --mojo-platform-channel-handle=1920 --field-trial-handle=1688,i,8403428916932990964,2120836628282033857,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                3⤵
                                • Executes dropped EXE
                                PID:7224
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --app-path="C:\Program Files\SteelSeries\GG\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2500 --field-trial-handle=1688,i,8403428916932990964,2120836628282033857,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
                                3⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                PID:7176
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --app-path="C:\Program Files\SteelSeries\GG\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2484 --field-trial-handle=1688,i,8403428916932990964,2120836628282033857,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
                                3⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                PID:6820
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --app-path="C:\Program Files\SteelSeries\GG\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2772 --field-trial-handle=1688,i,8403428916932990964,2120836628282033857,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
                                3⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                PID:6768
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --app-path="C:\Program Files\SteelSeries\GG\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2764 --field-trial-handle=1688,i,8403428916932990964,2120836628282033857,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
                                3⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                PID:2796
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" "ssgg://gg/giveaways"
                                3⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                • Modifies registry class
                                PID:516
                                • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                  "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1692,i,11979804808315594224,15450615017608187307,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                  4⤵
                                  • Executes dropped EXE
                                  PID:2452
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2788 --field-trial-handle=1688,i,8403428916932990964,2120836628282033857,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                3⤵
                                • Executes dropped EXE
                                PID:4800
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" "ssgg://gg/giveaways"
                                3⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                PID:5416
                                • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                  "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1616,i,575946402711644402,18061681138022846329,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                  4⤵
                                  • Executes dropped EXE
                                  PID:2208
                              • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" "ssgg://gg/giveaways"
                                3⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                • Modifies registry class
                                PID:7280
                                • C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe
                                  "C:\Program Files\SteelSeries\GG\SteelSeriesGGClient.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\steelseries-gg-client" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1680,i,16240811063997587762,17887504163845251372,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                  4⤵
                                  • Executes dropped EXE
                                  PID:1732
                            • C:\Program Files\SteelSeries\GG\apps\sonar\SteelSeriesSonar.exe
                              "C:\Program Files\SteelSeries\GG\apps\sonar\SteelSeriesSonar.exe"
                              2⤵
                              • Executes dropped EXE
                              • Suspicious behavior: EnumeratesProcesses
                              PID:6236
                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                            1⤵
                            • Drops file in Windows directory
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:6424
                          • C:\Windows\system32\browser_broker.exe
                            C:\Windows\system32\browser_broker.exe -Embedding
                            1⤵
                            • Modifies Internet Explorer settings
                            PID:6352
                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                            1⤵
                            • Suspicious behavior: MapViewOfSection
                            • Suspicious use of SetWindowsHookEx
                            PID:6532
                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                            1⤵
                            • Drops file in Windows directory
                            • Modifies Internet Explorer settings
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:1264
                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                            1⤵
                            • Drops file in Windows directory
                            • Modifies registry class
                            PID:2284
                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                            1⤵
                              PID:6728
                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                              1⤵
                                PID:7428
                              • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                1⤵
                                • Modifies registry class
                                PID:7716
                              • C:\Windows\system32\AUDIODG.EXE
                                C:\Windows\system32\AUDIODG.EXE 0x4a4
                                1⤵
                                  PID:5376

                                Network

                                MITRE ATT&CK Enterprise v15

                                Reconnaissance

                                Resource Development

                                Initial Access

                                Execution

                                System Services

                                1
                                T1569

                                Service Execution

                                1
                                T1569.002

                                Persistence

                                Boot or Logon Autostart Execution

                                1
                                T1547

                                Registry Run Keys / Startup Folder

                                1
                                T1547.001

                                Create or Modify System Process

                                1
                                T1543

                                Windows Service

                                1
                                T1543.003

                                Event Triggered Execution

                                1
                                T1546

                                Component Object Model Hijacking

                                1
                                T1546.015

                                Privilege Escalation

                                Boot or Logon Autostart Execution

                                1
                                T1547

                                Registry Run Keys / Startup Folder

                                1
                                T1547.001

                                Create or Modify System Process

                                1
                                T1543

                                Windows Service

                                1
                                T1543.003

                                Event Triggered Execution

                                1
                                T1546

                                Component Object Model Hijacking

                                1
                                T1546.015

                                Defense Evasion

                                Impair Defenses

                                1
                                T1562

                                Modify Registry

                                3
                                T1112

                                Subvert Trust Controls

                                1
                                T1553

                                Install Root Certificate

                                1
                                T1553.004

                                Credential Access

                                Discovery

                                Peripheral Device Discovery

                                2
                                T1120

                                Process Discovery

                                1
                                T1057

                                Query Registry

                                4
                                T1012

                                System Information Discovery

                                4
                                T1082

                                Lateral Movement

                                Collection

                                Command and Control

                                Exfiltration

                                Impact

                                Service Stop

                                1
                                T1489

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Config.Msi\e59a6bb.rbs
                                  Filesize

                                  14KB

                                  MD5

                                  9a35afb694e2634828f2e25219f9ffc9

                                  SHA1

                                  4e2d74cc4ea9ae5d41d2ebba65316aa16abc6020

                                  SHA256

                                  b7fe6fba1c43464a5d1cd18e7b296e29cc0210c86d20c2237fd4ea0baa91d98e

                                  SHA512

                                  338d25fa2207958275ca0ad80d34ea0c252196f7f5c4662f27f2dab62dfff5f47dd6f7a4f7d0ecbe0412d43ff7d0763cd73db3e5b06c4262f06b4bc1c6d94331

                                  Download Submit

                                • C:\Config.Msi\e59a6c0.rbs
                                  Filesize

                                  16KB

                                  MD5

                                  4a5cab6d243cbb8134af9fbf789f07dc

                                  SHA1

                                  2e0085c788a1d72d64acdcefce1d6651122e71c6

                                  SHA256

                                  43bcf92f9d01e6857cf831939227a3e2de27fff5e1e7032b191ed9d84267b730

                                  SHA512

                                  ca641a807fbee7aa814031cf527ea6a8474f0d4c49f63105b5569738e319e1826ef3663012db9b3f8c77f36180d9e6f17b512fbc10c9662ff4a187ca87aa4e1a

                                  Download Submit

                                • C:\Config.Msi\e59a6cd.rbs
                                  Filesize

                                  18KB

                                  MD5

                                  e9b629f2900ef0c8b7d8d6161a7ad9fb

                                  SHA1

                                  04c004644b97090d82e1e292e0828e9b96865fbe

                                  SHA256

                                  b5046cca9451117f7cb16c276ef70bfc012522c75e406c5caa83fcae5d981518

                                  SHA512

                                  8955df955cf2c5eb23ab9ffe3a2728fe055691af1df727993c1282c700ce5469ae17eaa91ebe6707b46bf9802cf13759616a861d3ee45f6a1fb351dda53e29ea

                                  Download Submit

                                • C:\Config.Msi\e59a6dc.rbs
                                  Filesize

                                  16KB

                                  MD5

                                  21e2fe02067e4c750b65153ef05115d1

                                  SHA1

                                  09e2da0f473e5c67860aa136cbd8c59852a364ce

                                  SHA256

                                  0cefb397f72bdc318bde671aefee69c6285ae63e07cd8f032def731b6a92a3da

                                  SHA512

                                  1cab4109590d488c1f2a6fb87d0ed070635a79f981426753ef3579b1af022bd977115126eaa81fc874878cafd219a97862f20809b8d26d25c3cef8b1e88ba990

                                  Download Submit

                                • C:\Config.Msi\e59a6e3.rbs
                                  Filesize

                                  17KB

                                  MD5

                                  e15dbf7e7c0859399ffecc07ca8f23df

                                  SHA1

                                  14085deaa3c894108d61597d17dfed08f8911d43

                                  SHA256

                                  b78119187107e5c5d2fa3959b3e2793cf3980eb421462a773c6252b2cd2be910

                                  SHA512

                                  a82b61ead857070f3b608fdcb411bbda28cff06f9a4ec45f1be2211d370f035a98408d0f74a9ea41f4a460b5ccb99595088d7dd63c92efae1a5e097e63bca4b4

                                  Download Submit

                                • C:\Config.Msi\e59a6ef.rbs
                                  Filesize

                                  16KB

                                  MD5

                                  e84c215d9394175f36ec529e9293aba9

                                  SHA1

                                  7387bb28f7f7a85b19015218ce3e5ab3513aaa0f

                                  SHA256

                                  dcb9277638feabf6b362fcea305a656c09349d3124310e093c9599bdff2bc8d3

                                  SHA512

                                  a34613551bec5cd72718ce6329bc1025df009e261794fb918787ada30485671d50887c8887f2220b75d4de865997633524df7db668194e68064c79bb09a0fe82

                                  Download Submit

                                • C:\Config.Msi\e59a6f6.rbs
                                  Filesize

                                  19KB

                                  MD5

                                  711a7aee7706b7937016e2b5b66e06ac

                                  SHA1

                                  9bf1d5d667569f0df2d92d3b4e3a6181beaf7c03

                                  SHA256

                                  46a2b110d6fab8b3e08bb72c4fcbd600785b0c894aa4cd0528446775b5d73f49

                                  SHA512

                                  a85bd4d7c28368b8b1c2c98273d189844df918c6689f7165f84df47cc54a01d314e7e1036f9672aaea554bdbecba073b4142a45536a5fe87cbd4cd55ed978a27

                                  Download Submit

                                • C:\Config.Msi\e59a705.rbs
                                  Filesize

                                  18KB

                                  MD5

                                  e903458d025052116b5c1609fd9d9389

                                  SHA1

                                  9192ec6752238aa0224bc5c912d5e55a7fba625b

                                  SHA256

                                  6ecb653aa5cfcff1859b064e937a616283198587890fcb74d82421d25052f4f7

                                  SHA512

                                  20360b81c3de99c64e13b5a88ef09df771ea61216ea13bf3dfbefe3e83ced1a6674f1203f87087195a5c811ade96ba55f869a564208d7328f0ae8107bc797467

                                  Download Submit

                                • C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
                                  Filesize

                                  15.2MB

                                  MD5

                                  7764b3a456632dd6935a27916547e306

                                  SHA1

                                  7eab24e3c0680293b472e025ffc9b6f9139c146e

                                  SHA256

                                  da26d6fb93cb68f2639b6fd70fdb70381145d54549056a230fdf53085683b9e3

                                  SHA512

                                  a5704bebe881c6fb0e619b9de9b92d2cebbc9e84855d7e50d89bbc1c0b27bdb633f0f94378f7f4939d111f88444959ef918203c82258902e7bd25d237db63259

                                  Download Submit

                                • C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.InstallLog
                                  Filesize

                                  840B

                                  MD5

                                  a287886395f35124e2be472296cf6fc6

                                  SHA1

                                  f45860c077ae516476a372fa943db4a16fe85e9c

                                  SHA256

                                  cbb4b7f949a6f47c99842060ad80500ec1571743a34edcb8afde452983dd979d

                                  SHA512

                                  ad8af482101ef28472ffec3654d76b422981c35230af5ac6146a1553cbb2a3a0a395bed65915cc80f00a821aa2fd704822ee162a2a27b2bd2a7168fc2095cece

                                  Download Submit

                                • C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110330\firmware_arctis_nova_pro_v2_5680_v2.4.0.bin
                                  Filesize

                                  1024KB

                                  MD5

                                  03f02e1c9c38a1d2a2df88fba8a2cab1

                                  SHA1

                                  cd07d934f207a2daf071020bcf6ee4f36ca88e4d

                                  SHA256

                                  66a00c474b95865027c6ed871423f6bccff65ebbdfe38dc1e2878827f99ff458

                                  SHA512

                                  b653ef86d405828e32b011ea3057f53b266f6331c572fa7f35eaae22f60be74b3cd1921c66eea289b487059701fadc0767c19140ded369b9d4835bf15cfae673

                                  Download Submit

                                • C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110480\firmware-hots-V114.bin
                                  Filesize

                                  13KB

                                  MD5

                                  6f140144b9e446aac91a0eacad66cce0

                                  SHA1

                                  68a5af16f748f77e9326d2525b3861902ed0678f

                                  SHA256

                                  02cdfc4c962c50ff721238ba7e3a0dd5b4ce1120ee4cb13b940fbb329d5cd673

                                  SHA512

                                  6095c006eff131fc17a9b19d6058cec06d4426968e89a7725bf6848f9376d89936bbec84cfeecd17f0acd3b5a8a3bfbea1a82551ee02062af7fd4e3ee6921ab9

                                  Download Submit

                                • C:\Program Files\SteelSeries\GG\apps\engine\firmware\272110874\firmware-qck_prism_cloth_5xl-1.2.bin
                                  Filesize

                                  16KB

                                  MD5

                                  d7e6dcd2424212d26b5d733cd943957a

                                  SHA1

                                  76e2ebfb3758dd5ff7b6007ab396ebc2eb131777

                                  SHA256

                                  8b680eeb4b44aedf43b6ad976b7d3e3ced0112a1c9ca9534ffd849aa9010ddb6

                                  SHA512

                                  7c19d0c08ae123d1fea35c3f0b3cecd2331d32df0613ff4ac99bcfde278d8e426f05ca9099cd3f0e1229c22647ae20290223526df4a80d96afe9b77ee047c8da

                                  Download Submit

                                • C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111132\layout.bin
                                  Filesize

                                  1024B

                                  MD5

                                  265c4584c3ee3cb9a6052d08b2d06115

                                  SHA1

                                  811a216e30527ab47b46ce9b259312d2f656414c

                                  SHA256

                                  add6333f1aa90dd30a3b442f7ebf28ee538d0e0ea33733f4811f765948106cd8

                                  SHA512

                                  4c2777ee7314ee08ab0ce9d68b791d97dc4215968cae0e8175d79f78328cf3e334b0917fd2c7a70f98a2b8d3c37dcfe516861b0838e56743143ee45494945dcc

                                  Download Submit

                                • C:\Program Files\SteelSeries\GG\apps\engine\firmware\272111403\secondary-firmware-rival-650-wireless-1.24-B308.bin
                                  Filesize

                                  3KB

                                  MD5

                                  337254c54ad82c689d4b9a58d06a3cf6

                                  SHA1

                                  df1abbdf37e68bad3ca4885e81d27339512e7ab5

                                  SHA256

                                  5ed8294c32dac12b2a5afe916c23fdd3627571cf6152347a9336cb965b2ee50a

                                  SHA512

                                  a5cea0b2f7225c8c61e17b7e2ca6353d83925a6c5b8f2935f431507ff1341f460627bc853a8dd050ddf09e17aff945eeccdabc1eb07214e093de5f4673f7656e

                                  Download Submit

                                • C:\Program Files\SteelSeries\GG\install.log
                                  Filesize

                                  1.5MB

                                  MD5

                                  ed4fcaedf3e311f2050156ac7aa1ade3

                                  SHA1

                                  b8bef9e8663b716d105def45d1d8a1d0846a2e48

                                  SHA256

                                  f92a46bf2add2f534d71fdea1ef3ae86ae1a1f9740e6e45d3d252c023212c93e

                                  SHA512

                                  f77de451a9379369a42707a98f6a2fae42d27f0328cc79f2f3f0bb8deedad66d12e2fbd98f44e1832a8f44691dc40cbe094ea897a4a67d3856255febe59cc1fa

                                  Download Submit

                                • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries GG\SteelSeries GG.lnk
                                  Filesize

                                  2KB

                                  MD5

                                  e648f323a07124b4ddb8d881d98e6756

                                  SHA1

                                  c1f48e484ae518e367a634eed4585cc803dd18f2

                                  SHA256

                                  40f6caab68066a74a70fb21151ae2bed77702846f6a1a351882e83e747caf3a0

                                  SHA512

                                  e390e334c55ca1cb6199765ce7d4c77ea8d8f3870f5ac51ddeefe0fbb99f79655bc486b29cdbe43416f72bfd9509284bef0e96f7aac5b44e27e7a463b2aed531

                                  Download Submit

                                • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries GG\SteelSeries GG.lnk~RFe5a3d78.TMP
                                  Filesize

                                  1KB

                                  MD5

                                  1e6d0481efcc9ba12608d1c6127dd22c

                                  SHA1

                                  6d9ef7db3a837512427215c4b88978821c7e9508

                                  SHA256

                                  84fb8f0e951914fadc5e7d8fc689a3ce99d655b1017cecfc282f6e27477567b6

                                  SHA512

                                  0abee4f8427d8b56f433cf3e935250a41bd19b89cae899fcd7b45b73e6e66a4b606498f4af7b89664b25cefc12732abba9a0ab8922274c463d5ab124ec2263cc

                                  Download Submit

                                • C:\ProgramData\SteelSeries\GG\Logs\cvgamesense-log.txt
                                  Filesize

                                  2KB

                                  MD5

                                  592e2fbba76c2fce4953c29fad99f0f4

                                  SHA1

                                  51ad755d67a960567057210b63e7d63776c1fa95

                                  SHA256

                                  fe79c090360223f94f53bf550045a9b91b9df1afaafb6dd0c918f4e24b095d57

                                  SHA512

                                  5361c476c389845924468d55fe918ac7998ce02f9de7add31380860ccc2fe962e71eff36cadced63b6e45f607081b1d3680dcff890c7f5dd32893d1aa785ecbf

                                  Download Submit

                                • C:\ProgramData\SteelSeries\GG\Logs\cvgamesense-log.txt
                                  Filesize

                                  4KB

                                  MD5

                                  ed0d8647c8252da26384a7e83513fbf2

                                  SHA1

                                  77ec7beb7089a93b6eb22df4c07435dd28a1f9b8

                                  SHA256

                                  3e4c2b25b3ceb94a802417c79c492ac664878a9c0d99d466b82e441b5d64d1a2

                                  SHA512

                                  2a5ecc938f4972a553de30787ea9c3b34b12f3e495dc4de752b39bee0802ba2be17a73c1dadf299f72046b7c43d7bc675dda6eb28af5e50a19ec59ecb16e1aa8

                                  Download Submit

                                • C:\ProgramData\SteelSeries\GG\apps\moments\db\dbconf.yml
                                  Filesize

                                  70B

                                  MD5

                                  9635209063be99ad291c6d0340ff534d

                                  SHA1

                                  f1efcfd4a8fe48c3206d7caf63c86f27340f41ca

                                  SHA256

                                  ac873a3afbb84d3d8c7e617f7d91a9b14fe1edb36ea49798503cdf914680857c

                                  SHA512

                                  eeb31307308b1f95c73cc273267b98d06f86175e438ed656fbc26d5876bc5fa2b11a5b596e037433c6611109574148f48ac036cde23b19666e8a68b9e2597d56

                                  Download Submit

                                • C:\ProgramData\SteelSeries\GG\shared\externalAppIcons\GAMESENSE-LOGO-IMAGE-ROCKET_LEAGUE.png
                                  Filesize

                                  167B

                                  MD5

                                  90f257b26abfdfb541383f7b831973e1

                                  SHA1

                                  cd3fadc3c2348b447d65441c057f4d57ba528509

                                  SHA256

                                  ef61ecbb36ef6837e2250fa8f91e96710205c3be1014f590e61e1c1012d1d478

                                  SHA512

                                  f2b3017d1e54c771a8abc4f6c9f3fb1b7cd6eeb6cdb5227c9e9cfabb684d5693be0ec4e4030f941311c0f83af7f3c7792eddbfe90ed6d92fa2749bc5fbe3fff6

                                  Download Submit

                                • C:\ProgramData\SteelSeries\GG\shared\externalAppIcons\GAMESENSE-TILE-IMAGE-GENSHIN_IMPACT.png
                                  Filesize

                                  153B

                                  MD5

                                  7da663fdbc2430bb5054f71e09509c0f

                                  SHA1

                                  97863b724c42502d523ef3cce64c87da284fff16

                                  SHA256

                                  24821445c4ee627c805d41806212363bc0cd00bae87b73f4736852aad5fbbbe5

                                  SHA512

                                  e8196ea80952eb9146182cce671ab2b46063734b893dda8626242137fb34447247456176932c73f58108cf7e107a747d6fbc85e994342d256121d78db26c3723

                                  Download Submit

                                • C:\ProgramData\SteelSeries\GG\shared\externalAppIcons\GAMESENSE-TILE-IMAGE-RAINBOW_SIX_SIEGE.png
                                  Filesize

                                  88KB

                                  MD5

                                  edb8934cd7d393f2c3183a3bad315fde

                                  SHA1

                                  8c453aae1dba9cf0ee63fbc133ed05befcea9553

                                  SHA256

                                  b142205f70a2beece5e214050ed359619cb3c40a3ca7988a0b92fee7339e2208

                                  SHA512

                                  5ffff8cc7fffb40b46a7c8ce6c9203af7a12cebd60d2c79678dac4105e498f288c853ac814976a9dce6ecebb536059040908d8a5f360c5f145b2a293f8b374f9

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
                                  Filesize

                                  893B

                                  MD5

                                  d4ae187b4574036c2d76b6df8a8c1a30

                                  SHA1

                                  b06f409fa14bab33cbaf4a37811b8740b624d9e5

                                  SHA256

                                  a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

                                  SHA512

                                  1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
                                  Filesize

                                  252B

                                  MD5

                                  612e9866dadd86a1cdbc4f3fe203dc18

                                  SHA1

                                  f3fed84a621f06f797a9fc5a9f09b412fe32a31b

                                  SHA256

                                  b8761bb221c12101e185a18e34a0afd8181f6c9945bc9e5ae3088c03cc65008e

                                  SHA512

                                  586f89b9b79587253bb1d83e30b60660b6f8d7f3f940e2995f14df95f8be3d10a111db4b49a64e3dfcd73b12c3fb6fbfb8d0fb8fbc21c5c9ced816baa2d2076a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
                                  Filesize

                                  74KB

                                  MD5

                                  d4fc49dc14f63895d997fa4940f24378

                                  SHA1

                                  3efb1437a7c5e46034147cbbc8db017c69d02c31

                                  SHA256

                                  853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                                  SHA512

                                  cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4P4S5OMK\cmsplugin_content_link_audio.81a3dfb190f1[1].js
                                  Filesize

                                  13KB

                                  MD5

                                  81a3dfb190f1aa9595676edd565b5982

                                  SHA1

                                  ffb0d081321795893fa20d349d1ed7b2a2336ad1

                                  SHA256

                                  4490bd04f7ae26fe2d988f8ecaf9a5328f9c11db37b1bf7e0d9196285cadbab6

                                  SHA512

                                  7aa832db1c9cfb71d0300c1770307576e487b3f1a3e3f42ece185ea013ac294dc81f406239c4f0d2576345150b66e900cd93fefd54893144f3dec6684f68eab8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\U5ZMGZOM\steelseries[1].xml
                                  Filesize

                                  13B

                                  MD5

                                  c1ddea3ef6bbef3e7060a1a9ad89e4c5

                                  SHA1

                                  35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

                                  SHA256

                                  b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

                                  SHA512

                                  6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\U5ZMGZOM\steelseries[1].xml
                                  Filesize

                                  221B

                                  MD5

                                  45b16232e44960f2a431d54aa183119d

                                  SHA1

                                  238f9a41481ea1e3802c87a19b4a72a037fd8d0f

                                  SHA256

                                  ba3afe065979ce9fdd6d03140ccaa6e6e713e4d4166fb15c6327573ba9c969bd

                                  SHA512

                                  10c0a0374cf8988ff29c6083a8ac15b933e1c4a16a3470cbd7eff272af40e87a6fde30a982560e88ac2cf2682eab81e6f9515120b648e228e3adaa02d5ca9b9e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\78N86SOE\suggestions[1].en-US
                                  Filesize

                                  17KB

                                  MD5

                                  5a34cb996293fde2cb7a4ac89587393a

                                  SHA1

                                  3c96c993500690d1a77873cd62bc639b3a10653f

                                  SHA256

                                  c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                  SHA512

                                  e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IHRRETJT\android-icon-192x192.aa2fecd4c159[1].png
                                  Filesize

                                  3KB

                                  MD5

                                  aa2fecd4c15961ce0924ebbf84f0fb6e

                                  SHA1

                                  d3719f3a870dad70e0d37decd394046233a6e204

                                  SHA256

                                  3d60bb95d68c498eada910c48b0b95af4aa61f20f8181a4099eb04f4691b5a26

                                  SHA512

                                  412b5f51dae5f0988ad5cb1cdb095bf1db8cb9f7df751ccf5e5fa8a77c7876213dc66c6b889a89cc153fe3e5336a4b2c58543b0b4414ae2c96888ea06e445870

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\05f52d69-24b6-404c-997a-9487922faef8.tmp.node
                                  Filesize

                                  298KB

                                  MD5

                                  1a839011557f58848156ce19c4aa75ea

                                  SHA1

                                  dd70e78fb77bb58c0b09bb1cb8f36be26001d961

                                  SHA256

                                  bfdf4bab72f9bf19e92bbf3bff36da2a7b21603284efbf4879d413571e2f4331

                                  SHA512

                                  54b0b1fd950fe814a2194a2a23765e719f68353bd53dd2405f682322ee88147c91439ddc4af9bf5dc190c1aa4f3252eecb82f347f816bc9506f66e9c61cf6e2b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\JUN2010_D3DCompiler_43_x64.inf
                                  Filesize

                                  830B

                                  MD5

                                  6494a3b568760c8248b42d2b6e4df657

                                  SHA1

                                  700f27ee4c74e9b9914f80b067079e09ec7c6a7f

                                  SHA256

                                  3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216

                                  SHA512

                                  2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\JUN2010_d3dx11_43_x64.inf
                                  Filesize

                                  815B

                                  MD5

                                  590fe1ea1837b4bfb80dc8cb09e7815f

                                  SHA1

                                  792b5b0521c34c6b723a379dd6b3acf82f8afb1f

                                  SHA256

                                  2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b

                                  SHA512

                                  80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\apr2007_xinput_x64.inf
                                  Filesize

                                  860B

                                  MD5

                                  94563a3b9affb41d2bfd41a94b81e08d

                                  SHA1

                                  17cad981ef428e132aa1d571e0c77091e750e0dd

                                  SHA256

                                  0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8

                                  SHA512

                                  53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\dxupdate.dll
                                  Filesize

                                  173KB

                                  MD5

                                  7ed554b08e5b69578f9de012822c39c9

                                  SHA1

                                  036d04513e134786b4758def5aff83d19bf50c6e

                                  SHA256

                                  fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                                  SHA512

                                  7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\dxupdate.inf
                                  Filesize

                                  12KB

                                  MD5

                                  e6a74342f328afa559d5b0544e113571

                                  SHA1

                                  a08b053dfd061391942d359c70f9dd406a968b7d

                                  SHA256

                                  93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca

                                  SHA512

                                  1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\DX9149.tmp\infinst.exe
                                  Filesize

                                  81KB

                                  MD5

                                  a7ba8b723b327985ded1152113970819

                                  SHA1

                                  50be557a29f3d2d7300b71ab0ed4831669edd848

                                  SHA256

                                  8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff

                                  SHA512

                                  60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\Tmp6F4C.tmp
                                  Filesize

                                  1KB

                                  MD5

                                  02f3fed52a12915dc06d6f0e8fa4a6cc

                                  SHA1

                                  adf7cefe93c0285905ae88f217da016b0d7a0bd9

                                  SHA256

                                  1ea7a0e36d40f241aac572241625ea8d7cbd945af9fbba7a4ac03fc7df84187f

                                  SHA512

                                  3983b1b5ad32884f6f155051cdad053ba000cb16987ab2ce2339b59ca6f4b51706b3c2aa88a46ec178499cfbbe5ad3b4d348e226a335d52a33d2b543f7abc2d5

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\Tmp7141.tmp
                                  Filesize

                                  1KB

                                  MD5

                                  b80fe115da7224b0efe7b176c3b4e99a

                                  SHA1

                                  486f9269bdbf4e4dc7e603b23c49bfe003878e7a

                                  SHA256

                                  6413907fc7ff5c53142ca2de1bb2de977e48dab8f814cbee834a95dd2cb10d9a

                                  SHA512

                                  663b20be64b7fe59fd4e4fe5a9301d2cddec468055bd66de5a8f948d8ff0ad0ad506e8c5ca597ce92ca7f5f4313e222bc416a8d328156bba4b3b1006aec59778

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\cf1601bb-90af-41b4-bdf2-cf93062f6ac0.tmp.ico
                                  Filesize

                                  30KB

                                  MD5

                                  8c4a0a9d5f7c95a76065f8f4754f7518

                                  SHA1

                                  f685a58f95203e2e31bcebfb362e38c158111647

                                  SHA256

                                  2045e457f8aaa076ae4b152621ac43ca9b58cc89058a4bab89efbe6b6532d0aa

                                  SHA512

                                  d1cfbc52725d0a17824fc63482b6a719e6dcb8fa3793b4f40a8c7b9cc9b60e0b0a4984a8f7dd1e6bb8e0c509def6069c2ecb570ddf82b4b6c2a751ecb6b760db

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nsa27A5.tmp
                                  Filesize

                                  94B

                                  MD5

                                  749d3e018cce3a49523b1cb266bb9522

                                  SHA1

                                  9f9424b04198d51a344ac955453e4cf61ebb1cbf

                                  SHA256

                                  c6f87e613f4b47893972bf3f7d85d49f80d5c102c898c44932076a4b97982a1c

                                  SHA512

                                  c6bbe9cb68f300d5715c3e1d7c995291303ffa5c1e162d739a70f100eef83acbc607bdb4419b4ef2a37efa38b821df73b6b90f49ca810c3ee781e641f82ba945

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\ApplicationID.dll
                                  Filesize

                                  208KB

                                  MD5

                                  9b88d18fbc10db616c350dad5b133f8c

                                  SHA1

                                  a04f525267b53046731747276e78d72477a519b4

                                  SHA256

                                  3ed9cf00c753e7839ebf58a6be7f8fa129e052f400f43a2a356ed94eac7f7712

                                  SHA512

                                  befaa510eb1cb2d654dc09a406da73c427923e3ec00f774e5ea009d1d3897f3f17a2e8b7a00c56508c40571457c8ac1abdcdda1d17b1f9e3b1ddedefba280caf

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nsqA25C.tmp\modern-wizard.bmp
                                  Filesize

                                  201KB

                                  MD5

                                  f650b70fe8fc433d83af50ad1864e984

                                  SHA1

                                  ddffdeebfe0080fbcbae6d48744e3f650144f41c

                                  SHA256

                                  561bf9700aecb25be446652e55499912fa5b157016c537d930b082ebe7534b2b

                                  SHA512

                                  cb9c2f362d83df925c5f3c030fdb92f03378848d61225b7e2378b5f1e61b52bcf292a4ec472a8b65b1fafc25068d8075e097b684a1761be0f111c52d693219c0

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Cache\Cache_Data\f_00002e
                                  Filesize

                                  277KB

                                  MD5

                                  59adc4b8382a6686d3785268b2303bad

                                  SHA1

                                  2336dc10a8c925bf33ed91ce84f174527c79ffe9

                                  SHA256

                                  c5422387dc3b215e712646a247531320dca815f3ac8b6cb86acc8e07c3ba210b

                                  SHA512

                                  54c5783f27cc9da61bc7226b0f57bcf645076135916715eb0c8776cb7822926dde767ce5079c4f330c3ea8586181acf964ce9291b05cfc0ea6732c63ea7d7905

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\Network Persistent State
                                  Filesize

                                  769B

                                  MD5

                                  de688262153a174fb1e78d2179aecffa

                                  SHA1

                                  54070224b317e8bc6b71e994ebbf8b9d45cbb482

                                  SHA256

                                  fb43c543a43ad3db8061d3e1e0d7bb0db4f76610b3131c265c459adf2a08cfcb

                                  SHA512

                                  07d36a1ed1f95f6045636c503a0ae24b6fd685168421fec7187eef9b0e076e7606104c6ad15ac6e0b8f8feeebed7db57ba620082b13a2a076ea9d90d520db2a5

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\Network Persistent State
                                  Filesize

                                  800B

                                  MD5

                                  239c19bb9f9bd73564d047f470059b38

                                  SHA1

                                  9a1ee044043bfec79a084a2a589638986444efcf

                                  SHA256

                                  0923ea83fdb333cf8b44427609bde4e9f1f571419d0168c0956558543b0586a8

                                  SHA512

                                  a8e751787c68175385937f30bdd8f9d7aca43de289f428079de9560a6510bfae03d039981a64ef5ebeecb84871188a9d4526bfa75a952585e9bc84fded975f63

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\Network Persistent State
                                  Filesize

                                  800B

                                  MD5

                                  5f7fbc6fcd0aba67b133e5e089534aa8

                                  SHA1

                                  b431f13ffbdb72cd2bad9abaff9cb761e18034e2

                                  SHA256

                                  b0427f39624c16cc68cac6a37590184ac2d16c617e61ff507dfbc674444105dc

                                  SHA512

                                  03ff27e346989f5986c7a20a03601fe08d0dbadf1eaa388744fa8e8043e88abb58f06652dba39b7990b12df1dfb7e2c6ebea326b9c1b143f9e9a641784a3bb7e

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\Network Persistent State
                                  Filesize

                                  800B

                                  MD5

                                  3c7358e0a49126c8c2738ab00db6d780

                                  SHA1

                                  abb9553ca1c80a6c24bbe7efbf7c0b380df092db

                                  SHA256

                                  839a2ccf19f3110a8d06e1c272ed9c4826b561a4410af880f76b8fadf92cf55a

                                  SHA512

                                  f00e496187f9fe88503d598ae8702db1f8ea9560ab1990e7969b876f717f2087d97032f022d268e53bb513649d630d5bd0f265761d1e367d0ce31e87960c4d21

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\Network Persistent State
                                  Filesize

                                  800B

                                  MD5

                                  1b7bc55a12f68566a283ff93bedc106a

                                  SHA1

                                  a48ce555e9f33183f0394e945a9ffd0164a139d0

                                  SHA256

                                  2d1e7c4fb8e0c6e32fc607a6385ad79e5a26c1061bced66d6548e27d497aecc4

                                  SHA512

                                  53580cbbe11c28a6de5012dba46d93ccada349bf013fad209adf9c93cd43908549659b0e9e6cf5fb2320a2a0f59d5a1e3a7b0782cb616b1a6b8753bd4ddf9f33

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\Network Persistent State~RFe5cb240.TMP
                                  Filesize

                                  59B

                                  MD5

                                  2800881c775077e1c4b6e06bf4676de4

                                  SHA1

                                  2873631068c8b3b9495638c865915be822442c8b

                                  SHA256

                                  226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                  SHA512

                                  e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\TransportSecurity
                                  Filesize

                                  355B

                                  MD5

                                  9577dd500f6932f64101e55041419d13

                                  SHA1

                                  8ac1ec1278cda8cefb071bb47ee9895b9f00df3f

                                  SHA256

                                  1ddae6b8d022391d6deee5229024b60124a0cdea41139de3591cd14560f1a043

                                  SHA512

                                  f0eb9cbadf8b441f875f1f962875d0a2c54acd7b022aebda178221f3d46f896c9159c5d77a8fae1938e9bbcdc1cc2c603baa140e71ff157789c10905f4e9e1e1

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\TransportSecurity
                                  Filesize

                                  355B

                                  MD5

                                  9c21350186f3f1e65018ae883a7f6e34

                                  SHA1

                                  0e502d389b069e323709178f96a4c1bc7dbbd448

                                  SHA256

                                  296a8b2e681884ff6f787af068de943fe741e5aede6452b3aef0277c84384fdd

                                  SHA512

                                  ff39f128c789caa991d11644ddbcefade07f8fd9db64bce4275efcc425a9478a813711a9929aa89a6d1a873998761c69a526ae62372be603b8a91ad21ba3ce65

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\TransportSecurity
                                  Filesize

                                  355B

                                  MD5

                                  76ef87ba63ad8f928bcb2f35bdee3d77

                                  SHA1

                                  6c6afdacaffebe884b66feec9c9e6283717644f3

                                  SHA256

                                  fe650d0085eeaa3e2a8fc20e41340f8a929f90a36c10f2c4368397b3a81d60b7

                                  SHA512

                                  2792af42aa6632cf3182990f4e4b63af8c9ea46d574943fe268e15b3b9ae55afde329f2b95eaaffddbf6f2b824c9ae252707e1f32b766d53292fc934d8ab2fec

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\TransportSecurity
                                  Filesize

                                  355B

                                  MD5

                                  5ce19b013d485398c2da5a473c1004ab

                                  SHA1

                                  d0c893bcdd9fe552f559d7dc37315344edce34c5

                                  SHA256

                                  38370795e8e3567470d0ad2a70396674cebdc989a581331854619b07dce06780

                                  SHA512

                                  e50b541b5687686e8faccec04c741f35b6c9f2dcb6c5641038fe75f62c2424b4fadb5dadd03d0119caad03af8ddbdd9939862572e3005b2820b59a5a452af065

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\TransportSecurity
                                  Filesize

                                  355B

                                  MD5

                                  f778cd3458824e2eec5f9add81643912

                                  SHA1

                                  1d6a4274d5011878dd12e7936ccab5c115e0a4cd

                                  SHA256

                                  0554158fa90eb468c634cb254a8cd0c57833fb5acf1d9791a57e4d18c6ae762a

                                  SHA512

                                  d470bc55934cb37ff32a9a66ec9ecf1c2384e28383941da9cea3aafd6bdac353d4812ad5d8e9abd6de8b2fcbb8ff16a8f6013d8227d095eb9bb136754c5f02a7

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\TransportSecurity
                                  Filesize

                                  355B

                                  MD5

                                  9753b3bc15248fb8d749ed003cf65a44

                                  SHA1

                                  1b49163da7309198f56e63f1868a7a6480a9cf21

                                  SHA256

                                  72a5e6824beaa268cb4cec590d7fa95161fa7adb591306694e69620f2be80b38

                                  SHA512

                                  d1e282ad1317331d2d2900c5529d5ecfdf8a40b72ef6b0021ab72b0bb0f505003eb6013230907cb53e440ec0f5ae33907fdc3ae5ef4535276b78f5c873d67f33

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\TransportSecurity
                                  Filesize

                                  355B

                                  MD5

                                  5ece7e879c25c56dc0cc79fd44fa603d

                                  SHA1

                                  234b1457c6c29d38da11cea119f44db713257fb6

                                  SHA256

                                  c0345393ef2ed496545a60bfcf17c49d55e719f6b7ba49bce4b3aafc38591265

                                  SHA512

                                  564ac2ce8042493c0d1e7df193d70d138e3e68c748ae167c862421c6c2315e081dabe3fd71a83c539375518e6ca5777dddf1f48dea25ad67c8fd0f3a7444b3ac

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Network\TransportSecurity~RFe5c8043.TMP
                                  Filesize

                                  355B

                                  MD5

                                  dfaa4a690f6f333ab34415a13c1b2be0

                                  SHA1

                                  a64994522ae037fe0890b4f3916311040e226245

                                  SHA256

                                  d4a9f9b2ba987ef1914c84f5b4b79c806bd6463d49960803b1cb8c7efe9861e6

                                  SHA512

                                  1c6e4f6102f6723bdbf30a37339648e60cdff85f592fd31a1e1f9993c93bd2c2239d434972feed3c3e7b27b2a780871ae9a08ffcd9d115012f708ad8db941435

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\steelseries-gg-client\Session Storage\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                  Download Submit

                                • C:\Windows\INF\oem0.PNF
                                  Filesize

                                  5KB

                                  MD5

                                  fdaa9fab019d6f91c1afddb97899f5a0

                                  SHA1

                                  01483ac850a6ac966b0dfb0411276e1c91fa76b7

                                  SHA256

                                  3e0e9a83802b4dec598fdada1aa8976c52113a06d529fddece7f97fb3c6b826f

                                  SHA512

                                  6cc20ec7104310bc207070fbca68bdf2370eb458ac73992285a2cfcbc93b676edaf5baf57fe2aeff52e13bce8ae66735b9ebb45d745618bf513cf21161d09e6b

                                  Download Submit

                                • C:\Windows\INF\oem1.PNF
                                  Filesize

                                  5KB

                                  MD5

                                  335e0b4d8f3bb2151f3f7cb9a7758a58

                                  SHA1

                                  30b6d2a3236c2b2699da9e3dc8ea21ef8c29d578

                                  SHA256

                                  d297c997c6d4b790fdd683c76004d9e175bcd67c5f44da061a45aa7d1497058f

                                  SHA512

                                  9d38ae15e326cfa6dc0db9edbb2f2a6a7266b60c2c7e8ad495306539e1d46c5bc6da9fed37b89fce7b3222144a110df15db2889dadba75c1d714c97597c882b3

                                  Download Submit

                                • C:\Windows\INF\oem2.PNF
                                  Filesize

                                  6KB

                                  MD5

                                  54050848da7a34673b720538e382065c

                                  SHA1

                                  9aabe83b205cb031792c9a6709cb5968150d0626

                                  SHA256

                                  5a8125a4ee948aeab7be4e7b502e9ffe85c5a928e80872c709b0fc3c0456e81a

                                  SHA512

                                  797cc320d342b20cfae09d204ad0c7fad08cb3e20b2928bc99a229344876213d022e2520285c8e16ad5ba39f9cd64f95fe7d1c56de795334cee3655881c31048

                                  Download Submit

                                • C:\Windows\INF\oem4.PNF
                                  Filesize

                                  69KB

                                  MD5

                                  d7f4c39bec7f28f881f44035e2b2ec25

                                  SHA1

                                  96a69820a64081decd15c45e95e6c06c6472849b

                                  SHA256

                                  c940449ce7a4ae40805750fc70d5af4b3d967a389567eea3c085dce1e44d2d99

                                  SHA512

                                  9a1f10729d02a05f1c739009f7cdb4faec3109b959a4211ed465c80e406a403f3317772a2600fd097b5f9ca98fb567273a019c1233654b431e059d3ff713e2fb

                                  Download Submit

                                • C:\Windows\INF\oem5.PNF
                                  Filesize

                                  9KB

                                  MD5

                                  84bb3551541a83baefa54ebb1d2bb259

                                  SHA1

                                  c3e2fe6d31d09449e18643ef27941e007cfcc577

                                  SHA256

                                  193753dd0295ecab200d4c6da65b9a6d626766aefa479e59777e38148307a3e7

                                  SHA512

                                  9afabcce16ff786d16cbde0a4968c46c6e2174fbba8c814b3a6754e169006be5d27ec4af7db6a911ebea1b3d9a79500030b2d2330facb1532c139aa1abca4567

                                  Download Submit

                                • C:\Windows\INF\oem6.PNF
                                  Filesize

                                  37KB

                                  MD5

                                  098ff8bc966cb088fd28f8992012311b

                                  SHA1

                                  e268a3233d3cbd18360cc06441c745ab25036a2b

                                  SHA256

                                  40e62f8c232b841b270199124689e10dc12b4dc6d9f4561a87769dd099992643

                                  SHA512

                                  61c88573cced30c4e57d85e68abf33df923e2992ea0ff192647e120ec2825d0c871ae1e1339f5919a8c3600950f3b466d92d89772e73eb25d1a0ef5ffd6c89d5

                                  Download Submit

                                • C:\Windows\INF\oem7.PNF
                                  Filesize

                                  12KB

                                  MD5

                                  fb65fcd9a9a994dac80402ca305227d4

                                  SHA1

                                  7609e618e2ac8121435af19f2d6391bccf12074f

                                  SHA256

                                  626632e8a33e02db118267da22c61433dea28fbca66afeaaf379a9e45cd91d5c

                                  SHA512

                                  20043d83dbef9eab4c7eb97d386edb7626863dd40a8a22d69d76b65efc27d1fb8e3de705b4548b1043e10e4853f58b2eb7e49527ac4b27d4a13efe23f25f407c

                                  Download Submit

                                • C:\Windows\INF\oem8.PNF
                                  Filesize

                                  9KB

                                  MD5

                                  79fe8ba1236bb6c8f275a0a0d7188b91

                                  SHA1

                                  b88f51ff581421c7613d70f8ff6a150808082318

                                  SHA256

                                  035b023f2449ab8fc25dee7e8488572ac29c2669559b34b7df7dc5f69938d514

                                  SHA512

                                  d31194a136cbf3c2eb15daf50bba157c42ff72bb23341af8fb2257e58caf8423d982f93143c0f50dcc83850efd60c32b4c5bad0d9382fda6a544b4671bbb789f

                                  Download Submit

                                • C:\Windows\Installer\e59a6c7.msi
                                  Filesize

                                  180KB

                                  MD5

                                  41d7231c971401af43de5e4f16974d04

                                  SHA1

                                  b92336facfc5c7311ce18e11a68548acd3ef91f0

                                  SHA256

                                  cb7e1fbe83913dab01fae8cb0cc7a49a4ade23546afbf7ddcc517a0ca97b5806

                                  SHA512

                                  b504eaddf4d95db00169c61a9293d195e8bb656e26b36eb0264bd0fc589707c7ace684e0f4941c8f10438969cb3598e1d8dae1a6b74537186a8e34fa028bc011

                                  Download Submit

                                • C:\Windows\Logs\DirectX.log
                                  Filesize

                                  63KB

                                  MD5

                                  e0f8096044a31756d7c8d00a567f93b6

                                  SHA1

                                  535aaa68da6fe23d5e3ec00ef52057050ad182f8

                                  SHA256

                                  16d22938fd446a69511bd3b0df3330f598b3427ff72227d6e1ceb56599f57c3c

                                  SHA512

                                  45f1be792d06d90ddddf777586260c4b7a6bfde728046c18ae59f38a4fb1c7e8f5dafc38398ee569b1cb5f742dcffd6a6c2d3044ee4f915459fd1551e9b7952a

                                  Download Submit

                                • C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\steelseries-sonar-vad.PNF
                                  Filesize

                                  38KB

                                  MD5

                                  75df2931874280d65cba69b38f917282

                                  SHA1

                                  fae9c36de3e2749805903ca7832c85bcaddc618b

                                  SHA256

                                  fb1a1b9a548d704fbd841b12c39259b78982839e5cfae38dc246417eec335f5f

                                  SHA512

                                  c874f763c04bf12489333b420b68d8e324242999f4501144b7c230c2f174f18b4937bf3337cd664b513e49d0bca1c6386fe0bddae1a6539a383b46990c4b1a5d

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{0d852e90-2b38-9c47-96b2-ed6f2a8f1ab4}\SETE565.tmp
                                  Filesize

                                  12KB

                                  MD5

                                  8f3df1cefbdf407ecfaa5d6e645e13fb

                                  SHA1

                                  56c7bb25edff33df22b3798445924aa5b1bb7171

                                  SHA256

                                  0a262b9b122c14fcfea943ae8299c900cd4bcc84c3f6d04d5daf746cb0cd1ca3

                                  SHA512

                                  dd46528a65f80f2f2dfd51396df6f07fdf6fce9b9d78f5078c9bff03795da5365df739a62781ecb16964a426d3ff7119e4eb64acfed70600ac799616ea51ec9c

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{0d852e90-2b38-9c47-96b2-ed6f2a8f1ab4}\SETE575.tmp
                                  Filesize

                                  16KB

                                  MD5

                                  cb676e94105fdb09e3f2d8303815fc80

                                  SHA1

                                  5104c9167af9a8b596ca618ac70f960397458c96

                                  SHA256

                                  7929ea3dbe92ee7161564ac954bf9e7b55cfdbff68eb90d9ca0dd6c3840987cd

                                  SHA512

                                  78237e1d7e4f7d6ed26fefb9b1c01d52573a8c314a4d8203125f2b4771fa2d0f43b8680e2385a1947c8febb3ca93e69faf9efecfcfd6c798cc6e4f2ce22d31a3

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{0d852e90-2b38-9c47-96b2-ed6f2a8f1ab4}\SETE576.tmp
                                  Filesize

                                  93KB

                                  MD5

                                  0f35f13a61a36bd1afaa2fca592a7271

                                  SHA1

                                  4c1c678e9800c00b4c228b5a6da352ec977b0345

                                  SHA256

                                  62a299abb431d527e391417f35d64d1866881752b57450844ec40c5947744e8b

                                  SHA512

                                  e34624443f9c9a0bdbb070de9e7d22e57efc590658371d811b393a3b36c483de51c535cfc07b4a2dff399a7fafcdcda3c77b9b8d908df0a615ecc73f2147ce48

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{690f7d29-4c59-f247-b900-162a537cf097}\SETE6FB.tmp
                                  Filesize

                                  8.7MB

                                  MD5

                                  72174897ad8fa27f9ae31b44784721ef

                                  SHA1

                                  9556099880e35dfe0e33cfce605d25c75afacf82

                                  SHA256

                                  6271ef4edb60abf8e7beafe071df88ad60ed3bd6d20d0e3085ee9dec7a451dce

                                  SHA512

                                  3677d8afd37275c2bd0788fa8be9af5d1cfd9cef93d984002bb2eb03c5e13d5bb795bd18a9078bf3b2fa762ab6db0783ac8e943265509279c7578f6b014fef75

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{690f7d29-4c59-f247-b900-162a537cf097}\SETE70C.tmp
                                  Filesize

                                  893KB

                                  MD5

                                  a867203f5d9f476968261dff0ce8dc16

                                  SHA1

                                  85bed010c71e9c07c9e35ce05cb3a36c7123438f

                                  SHA256

                                  eebfbfe8a592905a3cc4eeb963adcbe063b2ddbdef46d18a262dad4a4639a1f3

                                  SHA512

                                  4531aa11ef1a3f9a47ab4209e9271ee91c3d3a1616148d2dfc7092095e87b74361876a1307337a408e9b352f4670b68e80f9f186480cb82241a8c52568967c6a

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{690f7d29-4c59-f247-b900-162a537cf097}\SETE70D.tmp
                                  Filesize

                                  4.1MB

                                  MD5

                                  95627146cc6d952d58a7cb4610ae18b9

                                  SHA1

                                  7158c63b3c3aa70db6f660961412ba6d97a06472

                                  SHA256

                                  cadbc285234108b57d2af435d324abdf0dd7f68bb55864bb7fa83b6a8f4d3e03

                                  SHA512

                                  31e046623efff4a13da7eb2abc1c033869b856fa0eca17837fbfeb6ddeedd390dfa825f5244b7b0c98f64193718fa9679ba8dbf25bc75170b6aefb709d14ecbe

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{690f7d29-4c59-f247-b900-162a537cf097}\SETE77B.tmp
                                  Filesize

                                  1.2MB

                                  MD5

                                  c48953e62f4eb317a7c9f1c9339d46cd

                                  SHA1

                                  9ad5bb787da9ba57a949ea16519ba6ed353ee49e

                                  SHA256

                                  3a03e1762f267cd93dfc2ae87ece7c37600db3137a08aecac7a638d6520ec4b1

                                  SHA512

                                  6d51562f658b9a75b4858b3eedd192ebbb9773eae2d57cf4677aeb2b8fb3eca44590e5bb7a75bd579cbd869c0c091248f403d22989da5e5c641023b24db2e410

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{690f7d29-4c59-f247-b900-162a537cf097}\SETE77C.tmp
                                  Filesize

                                  13.1MB

                                  MD5

                                  f70397b97c74cc898a0b704f318c03b6

                                  SHA1

                                  58b5811080f66df2a35cda7ca6169ea18671f8e6

                                  SHA256

                                  fd655c4a10b5675311466ebad8fc0ff4e3aefeab02c22519529442d45e1d87f2

                                  SHA512

                                  fa58550413fff8b79c969f9371b69ab8b9c6f0280174d6f3431db5a13ba56e720a2c2b9688d2a6c3f1afef841d5e08023b1f86a7a03733cc46a6b3fdc83ee7af

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{690f7d29-4c59-f247-b900-162a537cf097}\SETE77D.tmp
                                  Filesize

                                  174KB

                                  MD5

                                  2601732f210a5e2bf7fe966af764849c

                                  SHA1

                                  5de125fda016ef02d27903bea1a43f9457794fb9

                                  SHA256

                                  30810ab772a347cf299ae7f4666922bf6d42251cefb7c41135f769c7c568784b

                                  SHA512

                                  43d0b2435b914f728bebb3d1f266ab1b5990d87eefd60b1c458c654f5e78fe16d6bc27e8c8f32a544c33bb207bedda56d13f3430790722161386e01978decec4

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{690f7d29-4c59-f247-b900-162a537cf097}\SETE77E.tmp
                                  Filesize

                                  18.2MB

                                  MD5

                                  edfb162605f3652393d5a84d06cdbe55

                                  SHA1

                                  aec2ebad4a7eb9043fb46dfd1f31430bce569948

                                  SHA256

                                  1eef16a456e25e99eb4af2192988c4a9b49c933d8a732b410ea7493463d67b26

                                  SHA512

                                  4cf3494e2e997c3b944a9aaee8f11459023782f912174dfa1ff623d5c6160c28384c573183830444d387f89a568b23fe7f609c914505ca227a2818d52ba9bf30

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{690f7d29-4c59-f247-b900-162a537cf097}\SETEC03.tmp
                                  Filesize

                                  5KB

                                  MD5

                                  db02f96c90d4cba5cf481ca5e1fceead

                                  SHA1

                                  0c4d06c99062c0986626fdfa5c76ae92eb4e23b7

                                  SHA256

                                  de806e376ea4b8275eee0830af629c1d0bdabeaff2424c9588ec90bdaf85c2d3

                                  SHA512

                                  4d7901bdf91f0f7f43d6a94b08ee22f6b3532e81789ea865eb14215ddaf76777e72b6d3ce8ff92dffe1b525c13423e6c1ead31d0839a7c18d824bd893473046c

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{6fbfb17b-5bc5-804f-ae2b-1d6ab10b0e01}\SETDD75.tmp
                                  Filesize

                                  11KB

                                  MD5

                                  d5c62369d7f5f093d0d25955a0cb61a2

                                  SHA1

                                  64b912bbbe2ec08add52787ba95292f5dd2fcd29

                                  SHA256

                                  4baafb80f0e21bc724c4dc7efaf0578da9e1edc8f00f6e7c06a1edc0eb580ce4

                                  SHA512

                                  adef8d44a55e313c5d2c245725b34e8f605e2d7b9dd411a5701211b0012917741ec80127b8ef17a14e6b08030006711fdb755fff565173c9892ce1235e17f75d

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{6fbfb17b-5bc5-804f-ae2b-1d6ab10b0e01}\SETDD76.tmp
                                  Filesize

                                  1KB

                                  MD5

                                  c3172a26ffa6da2a1d0e6fe9b2f75291

                                  SHA1

                                  12633f43f60d0ae2d6cdeea3f64458450780f542

                                  SHA256

                                  5ae61d902db9aa0ea32ac40019dd745e0e80af1a6b8c24fc06dc39dca797b645

                                  SHA512

                                  03451c19f6e190434ca29423ceab403c7fca0eed2f5809a95ff52f8ef98c265a978c19722790b3a0d8b053da39f837ced7597deda96b120d9cb0f123a64c7175

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{6fbfb17b-5bc5-804f-ae2b-1d6ab10b0e01}\SETDD77.tmp
                                  Filesize

                                  42KB

                                  MD5

                                  bf0a12b2d3d937270d374b373ef28f32

                                  SHA1

                                  048b789d564f0993f28e50e805e99a341acd58e7

                                  SHA256

                                  74cb8b09a6c6f7b5d7d7914dd53f9169700bb3cfd93eb42da2375e3232bc4ecb

                                  SHA512

                                  07ff18644b61d4bc0f7f38efd39dc037cc9e5f50057d5bdd225ad0e16138dbd3a00e7bd027cf605966b008398e428d20778d45a69e3436482d3491427bd5144e

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{99d1d096-6454-944e-ad58-825ef416ba7f}\SETDFF6.tmp
                                  Filesize

                                  11KB

                                  MD5

                                  1116144897783dbd2a13d79d07ff3415

                                  SHA1

                                  75fbc9a295daf28371ec2ad75552eaa6ae12a79d

                                  SHA256

                                  22f0684fb7b0aa0745a38af53454d26582f07ed2d3dc7f3895572844e3a03901

                                  SHA512

                                  f0e83db79a8321a0f53b56165d934a2033928fa58ea99bfb9f6445f49e55d87e9f36b74462bb4994d9fbb51a17320114c672a7d54ccee9da1425bc0d4e707f98

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{99d1d096-6454-944e-ad58-825ef416ba7f}\SETE007.tmp
                                  Filesize

                                  2KB

                                  MD5

                                  8466d3df0687e7ae317e5cf1b578a3c3

                                  SHA1

                                  8edd3481b98dae0fb8d9db446c73c5baa06c378b

                                  SHA256

                                  7402ebfdc018a1c58d5ecb44fc0cd1060ce928232b960551c3a16c5c2ad2edc8

                                  SHA512

                                  0ad06c601ae02186f69edcf81f03ffe84c3045d420777c7226508332518a542e4e039ce0d22e142ddeb6aaed39ecdadd4a8fa1f44924ddba7f4d69e14a3b4e14

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{99d1d096-6454-944e-ad58-825ef416ba7f}\SETE008.tmp
                                  Filesize

                                  39KB

                                  MD5

                                  9162fc3636e8a4b671ca03788a3c85a2

                                  SHA1

                                  dffd524b69bcb5f6d39e550af1e373f6d88fde19

                                  SHA256

                                  ae930e02051dfd0ac934ca51a7a12b1d790fdec128b198e74f77f319df99267d

                                  SHA512

                                  f5c3b87ba0bf6b1d5f6b44e02af36594948adcff6b6453cbb1a253e189ce4546ec4850eebf66cc2cbff9b378101c498f103820c562cac3aaff47be167f98cd4d

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{b0d8fb5b-a4b2-2b49-a39a-ad596cfe9252}\SETDEFC.tmp
                                  Filesize

                                  23KB

                                  MD5

                                  0cd41ca34698f531e651fbe9e6dde112

                                  SHA1

                                  fb14f622c7b638f680d42835e7a1ba73a0464e68

                                  SHA256

                                  4f498983af9779f7490c2990955669906e1007481d77d99bd2b5b99ec502c86a

                                  SHA512

                                  50892334f6fbcd0d9ed8aac470f6ba95ee3a0af8e0d7416e014f710ae981b6fee15385e82776086cd86ffe9ab38b14e2ed5934428317ffbe0d2f19e8064179b0

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{b0d8fb5b-a4b2-2b49-a39a-ad596cfe9252}\SETDEFD.tmp
                                  Filesize

                                  20KB

                                  MD5

                                  aac3dc46460233df1944616dc9b36e42

                                  SHA1

                                  1b1b912d4d15c9412d96eb0ccd5fdd1a1f2f4932

                                  SHA256

                                  b71d0f234c0be123ebf66741e887118c8a18e37cba741d119736f4b20d667e8a

                                  SHA512

                                  607908cfab9bcdabdba044b2baf99cbe31b3bac863ff74d205fbd0fc4d228064ba039703938cd918d58b2e1f85012de4a244e456f23e764c5350286ec732f12a

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{b0d8fb5b-a4b2-2b49-a39a-ad596cfe9252}\SETDEFE.tmp
                                  Filesize

                                  53KB

                                  MD5

                                  0cbb427b99e92d9a93945a6a4c8a3542

                                  SHA1

                                  203be2f89e4253c1858b19a7aae38f97070b5638

                                  SHA256

                                  8329f0e0ab0d6a7cf04ea73113936a671434c49831ec5d456de8d795522e39bb

                                  SHA512

                                  59e3fac734c682ff2744d2c6d478a5473d64606d70168e63d6f38e3adfb5dfb4d0697313ce489ef7e86611dafdd5c9b471ab285a3ed49001bab2bd079d3241f1

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{d00e6c8e-e99d-bc42-94b4-60224b45f64d}\SETEFD5.tmp
                                  Filesize

                                  10KB

                                  MD5

                                  0384a2b6049d60c57bb6bee37872de00

                                  SHA1

                                  84523d28859d8500df8771caf604a587cdd64fae

                                  SHA256

                                  318e776e704c7a019377e20facda65f9afb3493990631ff470050b310511069b

                                  SHA512

                                  1e0623f18a34ee5ba23787a5d3d4849f03a7e659870a2e807a9819b4457afebfbf24c1e372b9b0587c2ff412d8bcfcaa7f14dfcd04dcc00d9f91d65dc0fc129b

                                  Download Submit

                                • C:\Windows\System32\DriverStore\Temp\{d00e6c8e-e99d-bc42-94b4-60224b45f64d}\SETEFD6.tmp
                                  Filesize

                                  2KB

                                  MD5

                                  5d83159fca849890c4d411c368bab3d0

                                  SHA1

                                  5e127defd5fdffc3810f6fe6767cd13360b253a4

                                  SHA256

                                  77e88a0f3a31f1917e965d3af8109bcbd78616827ecd3f985323a28adcb13761

                                  SHA512

                                  d280c02962eae2d9cca026758c9e22c9e067fab42b9500d9f25a1dce22d55677a5dc0b2b85f2b28ad136a54cd02907ac2b88c053761c4f11da8bb6306054460b

                                  Download Submit

                                • C:\Windows\System32\catroot2\dberr.txt
                                  Filesize

                                  93KB

                                  MD5

                                  e2b12e70cb6b669103ae24763be647b3

                                  SHA1

                                  858b5acedfaadfbfccd56282089a442f1aba950b

                                  SHA256

                                  1c4c1450aea507842cfc41d4bd88149a48cc6ae7cb8f0002c26f145149eb0a14

                                  SHA512

                                  e6f2fa1930acf81ca77155d17ca109549df99bbd6ecbd2ef7ad79cec48196ed8f797a81ddfe59fbe41da6baa3aff379e257df43073cfee19031b4bb2aa60db35

                                  Download Submit

                                • C:\Windows\Temp\{6EF20E4F-9F91-43BC-A2A8-3BDA6B1B3592}\.ba\logo.png
                                  Filesize

                                  1KB

                                  MD5

                                  d6bd210f227442b3362493d046cea233

                                  SHA1

                                  ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

                                  SHA256

                                  335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

                                  SHA512

                                  464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

                                  Download Submit

                                • C:\Windows\Temp\{6EF20E4F-9F91-43BC-A2A8-3BDA6B1B3592}\.be\VC_redist.x86.exe
                                  Filesize

                                  634KB

                                  MD5

                                  2389d29f633df11642dff1bf5f21eb35

                                  SHA1

                                  ce85460fd7cde25528142f4cdca4e6013bb4b1e8

                                  SHA256

                                  ab91fbaab09a94839ba839275338ac42fe2661781d371e517f9b2e4866e2cc55

                                  SHA512

                                  59d607112566d13d15a8de8e18be204e8bf0d2010310ebc9c8589ceb42fb8fce7800a6e58f30ffb92d4c1b3e0d17c1a2076a478de753e5334971465c52f8eeed

                                  Download Submit

                                • C:\Windows\Temp\{80423B88-F6CF-4A55-AD7D-4271BBDB195C}\.ba\license.rtf
                                  Filesize

                                  9KB

                                  MD5

                                  04b33f0a9081c10e85d0e495a1294f83

                                  SHA1

                                  1efe2fb2d014a731b752672745f9ffecdd716412

                                  SHA256

                                  8099dc3cf9502c335da829e5c755948a12e3e6de490eb492a99deb673d883d8b

                                  SHA512

                                  d1dbed00df921169dd61501e2a3e95e6d7807348b188be9dd8fc63423501e4d848ece19ac466c3cacfccc6084e0eb2f457dc957990f6f511df10fd426e432685

                                  Download Submit

                                • C:\Windows\Temp\{80423B88-F6CF-4A55-AD7D-4271BBDB195C}\.ba\thm.wxl
                                  Filesize

                                  2KB

                                  MD5

                                  fbfcbc4dacc566a3c426f43ce10907b6

                                  SHA1

                                  63c45f9a771161740e100faf710f30eed017d723

                                  SHA256

                                  70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce

                                  SHA512

                                  063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

                                  Download Submit

                                • C:\Windows\Temp\{80423B88-F6CF-4A55-AD7D-4271BBDB195C}\.ba\thm.xml
                                  Filesize

                                  8KB

                                  MD5

                                  f62729c6d2540015e072514226c121c7

                                  SHA1

                                  c1e189d693f41ac2eafcc363f7890fc0fea6979c

                                  SHA256

                                  f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916

                                  SHA512

                                  cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471

                                  Download Submit

                                • C:\Windows\Temp\{80423B88-F6CF-4A55-AD7D-4271BBDB195C}\.be\VC_redist.x64.exe
                                  Filesize

                                  635KB

                                  MD5

                                  7cf46d8dfb686998aaaf81e27b995e8c

                                  SHA1

                                  c5638a049787ce441c9720c92d3cd02aa3b02429

                                  SHA256

                                  120019a0ac9f54224fc9787afba241bd9faaecef489be5a660bb16e85df052e4

                                  SHA512

                                  66cf76324e373d3be6cbef39535b419eda486a8f43c305c38a8c01cfc05f9e4073aeade808db8dea306fd3251955e177e45ab578a57114bac1d2df54b4e95efe

                                  Download Submit

                                • C:\Windows\Temp\{CB9AB529-EB83-44FE-8F36-0F346E94993F}\.ba\wixstdba.dll
                                  Filesize

                                  191KB

                                  MD5

                                  eab9caf4277829abdf6223ec1efa0edd

                                  SHA1

                                  74862ecf349a9bedd32699f2a7a4e00b4727543d

                                  SHA256

                                  a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

                                  SHA512

                                  45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

                                  Download Submit

                                • \Users\Admin\AppData\Local\Temp\nsqA25C.tmp\AccessControl.dll
                                  Filesize

                                  18KB

                                  MD5

                                  8ba5babf624ee3b535afbe223a2393ba

                                  SHA1

                                  13ce7fa6b85586413bf6b02ac484d1c5b44636aa

                                  SHA256

                                  87089948a8f2ea190d97d2b8409432da2042aa64c4284e477db73777eaabaf19

                                  SHA512

                                  1e99da986d155a1b6c9dad232c675fc6014d7da4dde5d45b680ecfff9875ca6e53854182b3ca0a8397e0b390b248b411c171997f6b4b580dd07fee04d03e9731

                                  Download Submit

                                • \Users\Admin\AppData\Local\Temp\nsqA25C.tmp\ExecDos.dll
                                  Filesize

                                  16KB

                                  MD5

                                  5d207458f7c02bc22a71cc67f2f570ff

                                  SHA1

                                  883ac68339d3894f8e3516a38d2d26ba0d9ee941

                                  SHA256

                                  a7b1a9a82c79c6dd013e16b330c095b54e44d7bad2678a820cdd282af13f7463

                                  SHA512

                                  40661ba2035bafc14e1a87faf5ca511a14b4191340b57871747e87013d2b724237166c37ed4a72afb4de2b8cc399ad3284eba660617899d0e0b13dafd197e4cc

                                  Download Submit

                                • \Users\Admin\AppData\Local\Temp\nsqA25C.tmp\LangDLL.dll
                                  Filesize

                                  5KB

                                  MD5

                                  014a3be4a7c1ccb217916dbf4f222bd1

                                  SHA1

                                  9b4c41eb0e84886beb5591d8357155e27f9c68ed

                                  SHA256

                                  09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8

                                  SHA512

                                  0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922

                                  Download Submit

                                • \Users\Admin\AppData\Local\Temp\nsqA25C.tmp\LinkerCb.dll
                                  Filesize

                                  17KB

                                  MD5

                                  17de29ec7905369318730fee1784806a

                                  SHA1

                                  5ce8bfc815b6fc4e69495767910974b0e0cc39ec

                                  SHA256

                                  eeee7c6822c659e6724055ca0f387b7484fa50c7a4fdb6a56addbb7e56f2e5e3

                                  SHA512

                                  8cb451526dff0cd6196553e0b2a525755496ce71c6bedbf12479f423f18d4384a7996dbc453cb1bc8b5ac97e3d31d84d77710045bd7204817985c0665af3faf4

                                  Download Submit

                                • \Users\Admin\AppData\Local\Temp\nsqA25C.tmp\Processes.dll
                                  Filesize

                                  59KB

                                  MD5

                                  c61462c502eb7740e7569918a642c7b1

                                  SHA1

                                  e696858eafe233f142b8b2854b2a0184290da852

                                  SHA256

                                  796bc9e3e34fbe23b1696c122d9537f5e60f4d4fd216f2b33ae05626f96aa223

                                  SHA512

                                  81874ffbd8e45c7d6cdcd03313650c8c82c589db55b55ba2069f90a42132349f14db2a612ee93168dbd728bd45717a3b1d71f42fa5b05fe92f2cd36683cff868

                                  Download Submit

                                • \Users\Admin\AppData\Local\Temp\nsqA25C.tmp\System.dll
                                  Filesize

                                  12KB

                                  MD5

                                  564bb0373067e1785cba7e4c24aab4bf

                                  SHA1

                                  7c9416a01d821b10b2eef97b80899d24014d6fc1

                                  SHA256

                                  7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

                                  SHA512

                                  22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

                                  Download Submit

                                • \Users\Admin\AppData\Local\Temp\nsqA25C.tmp\nsDialogs.dll
                                  Filesize

                                  9KB

                                  MD5

                                  48f3e7860e1de2b4e63ec744a5e9582a

                                  SHA1

                                  420c64d802a637c75a53efc8f748e1aede3d6dc6

                                  SHA256

                                  6bf9cccd8a600f4d442efe201e8c07b49605ba35f49a4b3ab22fa2641748e156

                                  SHA512

                                  28716ddea580eeb23d93d1ff6ea0cf79a725e13c8f8a17ec9dfacb1fe29c7981ad84c03aed05663adc52365d63d19ec2f366762d1c685e3a9d93037570c3c583

                                  Download Submit

                                • memory/500-5413-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-509-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-569-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-533-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-532-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-524-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-525-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-5488-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-516-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-517-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-508-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-2599-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-500-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-5617-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-501-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-493-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-195-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-5283-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-5282-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-4024-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-4660-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-4649-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/500-4637-0x0000000073450000-0x000000007345B000-memory.dmp

                                  Filesize

                                  44KB

                                  Download

                                • memory/584-5268-0x0000000000400000-0x0000000000860000-memory.dmp

                                  Filesize

                                  4.4MB

                                  Download

                                • memory/1264-5787-0x000002CBA7300000-0x000002CBA7400000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/1264-5788-0x000002CBA7300000-0x000002CBA7400000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/1472-4321-0x00007FF791280000-0x00007FF7918DA000-memory.dmp

                                  Filesize

                                  6.4MB

                                  Download

                                • memory/1732-5455-0x0000000000400000-0x0000000000860000-memory.dmp

                                  Filesize

                                  4.4MB

                                  Download

                                • memory/2284-6223-0x0000023FFA340000-0x0000023FFA342000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2284-6219-0x0000023FFA300000-0x0000023FFA302000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2284-6221-0x0000023FFA320000-0x0000023FFA322000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2284-6225-0x0000023FFA360000-0x0000023FFA362000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2284-6227-0x0000023FFA370000-0x0000023FFA372000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2284-5951-0x0000023FF5D30000-0x0000023FF5D32000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2284-6214-0x0000023FFA260000-0x0000023FFA262000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2284-5953-0x0000023FF5DF0000-0x0000023FF5DF2000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2284-6212-0x0000023FFA240000-0x0000023FFA242000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2284-5948-0x0000023FF5D00000-0x0000023FF5D02000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/2296-5919-0x0000000066770000-0x0000000066A9D000-memory.dmp

                                  Filesize

                                  3.2MB

                                  Download

                                • memory/3436-5204-0x0000000000400000-0x0000000000860000-memory.dmp

                                  Filesize

                                  4.4MB

                                  Download

                                • memory/4164-4328-0x00007FF791280000-0x00007FF7918DA000-memory.dmp

                                  Filesize

                                  6.4MB

                                  Download

                                • memory/4652-5142-0x00007FF6855A0000-0x00007FF6859AF000-memory.dmp

                                  Filesize

                                  4.1MB

                                  Download

                                • memory/4928-5099-0x0000000000400000-0x0000000000860000-memory.dmp

                                  Filesize

                                  4.4MB

                                  Download

                                • memory/5284-4123-0x00000237CD090000-0x00000237CD0CE000-memory.dmp

                                  Filesize

                                  248KB

                                  Download

                                • memory/5284-4122-0x00000237CB860000-0x00000237CB872000-memory.dmp

                                  Filesize

                                  72KB

                                  Download

                                • memory/5284-4108-0x00000237CB460000-0x00000237CB46A000-memory.dmp

                                  Filesize

                                  40KB

                                  Download

                                • memory/5284-4109-0x00000237E5AB0000-0x00000237E5C22000-memory.dmp

                                  Filesize

                                  1.4MB

                                  Download

                                • memory/5664-4027-0x0000000000850000-0x00000000008C7000-memory.dmp

                                  Filesize

                                  476KB

                                  Download

                                • memory/5864-4064-0x0000000000850000-0x00000000008C7000-memory.dmp

                                  Filesize

                                  476KB

                                  Download

                                • memory/5884-4065-0x0000000000850000-0x00000000008C7000-memory.dmp

                                  Filesize

                                  476KB

                                  Download

                                • memory/6164-4154-0x00007FF791280000-0x00007FF7918DA000-memory.dmp

                                  Filesize

                                  6.4MB

                                  Download

                                • memory/6300-5079-0x0000000000400000-0x0000000000860000-memory.dmp

                                  Filesize

                                  4.4MB

                                  Download

                                • memory/6424-5556-0x0000024001500000-0x0000024001510000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/6424-5540-0x0000024001400000-0x0000024001410000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/6424-5577-0x0000024005760000-0x0000024005762000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/6932-3767-0x0000000000260000-0x00000000002D7000-memory.dmp

                                  Filesize

                                  476KB

                                  Download

                                • memory/6996-5464-0x00007FF7FD290000-0x00007FF7FE740000-memory.dmp

                                  Filesize

                                  20.7MB

                                  Download

                                • memory/7148-3804-0x0000000000260000-0x00000000002D7000-memory.dmp

                                  Filesize

                                  476KB

                                  Download

                                • memory/7172-3805-0x0000000000260000-0x00000000002D7000-memory.dmp

                                  Filesize

                                  476KB

                                  Download

                                • memory/7756-5389-0x0000000000400000-0x0000000000860000-memory.dmp

                                  Filesize

                                  4.4MB

                                  Download