69b331774cabf4fe0e5b59ac6d139ad7d5186f69789438e0d13ac76e5fe834b6

Analysis

max time kernel
1163s
max time network
1199s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
11-09-2024 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

010f2e42f7cd76ce4d324b3b53ee58fe
SHA1

dcdfb3e6f0a4531e7d905afa6fb46e39d8a72fa3
SHA256

69b331774cabf4fe0e5b59ac6d139ad7d5186f69789438e0d13ac76e5fe834b6
SHA512

6c52793e5f727ce2967fedf589bd139a9cf7c6eddd5bdcb8645bdabfbc956fccdc6ee0d928077308957695719d48b6b6cbf501eb884c35c5e7b43baf98674067
SSDEEP

384:Z0Zspa1ocy4D4lbGawMvhpNUB658yn2MFV1EY04Tolwfm1xCejiw:Zm1ocy4sEabJpN86CyFTEY04TolmYxPF

Score

7^/10

steam defense_evasion discovery persistence phishing

Malware Config

Signatures

Executes dropped EXE 20 IoCs

pid	Process
2596	SteamSetup.exe
5768	steamservice.exe
5808	steam.exe
8548	steam.exe
8724	steamwebhelper.exe
8872	steamwebhelper.exe
9020	steamwebhelper.exe
9180	steamwebhelper.exe
9288	gldriverquery64.exe
9328	steamwebhelper.exe
9384	steamwebhelper.exe
9644	gldriverquery.exe
9692	vulkandriverquery64.exe
9832	vulkandriverquery.exe
4408	steamerrorreporter.exe
14048	steamwebhelper.exe
14228	steamwebhelper.exe
14500	steamerrorreporter.exe
15284	steamwebhelper.exe
15588	steamwebhelper.exe

Loads dropped DLL 64 IoCs

pid	Process
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
8872	steamwebhelper.exe
8872	steamwebhelper.exe
8872	steamwebhelper.exe
8548	steam.exe
9020	steamwebhelper.exe
9020	steamwebhelper.exe
9020	steamwebhelper.exe
9020	steamwebhelper.exe
9020	steamwebhelper.exe
9020	steamwebhelper.exe
8548	steam.exe
9020	steamwebhelper.exe
9180	steamwebhelper.exe
9180	steamwebhelper.exe
9180	steamwebhelper.exe
8548	steam.exe
9328	steamwebhelper.exe
9328	steamwebhelper.exe
9328	steamwebhelper.exe
9384	steamwebhelper.exe
9384	steamwebhelper.exe
9384	steamwebhelper.exe
9384	steamwebhelper.exe
4408	steamerrorreporter.exe
4408	steamerrorreporter.exe
14048	steamwebhelper.exe
14048	steamwebhelper.exe
14048	steamwebhelper.exe
14048	steamwebhelper.exe
14228	steamwebhelper.exe
14228	steamwebhelper.exe
14228	steamwebhelper.exe
14500	steamerrorreporter.exe
14500	steamerrorreporter.exe
15284	steamwebhelper.exe
15284	steamwebhelper.exe
15284	steamwebhelper.exe
15284	steamwebhelper.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"	SteamSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand steam.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\bootstrapper.jpg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamclean_greek.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamclean_portuguese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps4_trackpad_l_touch_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_outlined_button_triangle_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_l2.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\ghost_045_move_0180.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_vr_disabled.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\overlay_russian.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_r_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\bin\friendsui.dll_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\icon_topofqueue.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\config1.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_dpad_up_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_touchpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\broadcastinvitebar.res_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_color_outlined_button_a_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0130.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\vrwarning_dialog.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamclean_polish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\public\steamui_finnish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_triangle.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_outlined_button_square_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps_color_outlined_button_x_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_045_move_0402.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOnBottomLeft.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_dpad_right_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps_color_outlined_button_x_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sc_button_r_arrow.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_left_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_010_wpn_0511.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\binding_icons\ghost_080_input_0020.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\images\test_hero_image_mask.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\localization\xbox_360_japanese.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\bigpicture_gyro.vdf_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps5_trackpad_r_up_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_button_steam_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_profanity_brazilian.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\steamui\libraries\libraries~5303f55e9.js_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\friends\voice_hang_up.wav_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\overlay_finnish.txt_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_color_outlined_button_square.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_button_x_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_dutch.txt.gz_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\sc_dpad_down.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnDefTopRight.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\joyconpair_right_sr.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\ps_button_x_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\sd_ltrackpad_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\switchpro_button_minus.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_right_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps5_trackpad_l_touch_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\shared_dpad_right.svg_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\light\ps4_trackpad_click_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\graphics\btnOvrOnTopLeft.tga_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\shared_rstick_up_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\dark\xbox_p1_md.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps4_trackpad_r_ring_lg.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\ps5_trackpad_l_down_sm.png_	steam.exe
File created	C:\Program Files (x86)\Steam\package\tmp\controller_base\images\api\knockout\sd_rtrackpad_lg.png_	steam.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gldriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vulkandriverquery.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SteamSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamservice.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steam.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	steamwebhelper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	steamwebhelper.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "1975725420"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31130776"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705583463520545"	chrome.exe

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steamlink\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steamlink\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steam\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steamlink\DefaultIcon\ = "steam.exe"	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steamlink\Shell\Open\Command	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steamlink\URL Protocol	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steamlink\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol"	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink	steamservice.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steam	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{2946CEBA-7E89-42AA-BF2A-D9CB355FDD8D}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\""	steamservice.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steam\DefaultIcon\ = "steam.exe"	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steamlink	steamservice.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steam\DefaultIcon	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steam\Shell\Open\Command	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steam\Shell	steamservice.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\steam\Shell\Open	steamservice.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{DFE2A850-CA1F-4413-B734-A2D9AA6C1938}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 267820.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
5804	msedge.exe
5804	msedge.exe
1228	identity_helper.exe
1228	identity_helper.exe
5664	msedge.exe
5664	msedge.exe
1368	msedge.exe
1368	msedge.exe
5020	msedge.exe
5020	msedge.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2596	SteamSetup.exe
2672	msedge.exe
2672	msedge.exe
1884	msedge.exe
1884	msedge.exe
980	msedge.exe
980	msedge.exe
1108	identity_helper.exe
1108	identity_helper.exe
2652	msedge.exe
2652	msedge.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe
8548	steam.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
8548	steam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	5768	steamservice.exe
Token: SeSecurityPrivilege	5768	steamservice.exe
Token: 33	232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	232	AUDIODG.EXE
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe
Token: SeShutdownPrivilege	8724	steamwebhelper.exe
Token: SeCreatePagefilePrivilege	8724	steamwebhelper.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
8724	steamwebhelper.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
16536	chrome.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe
18740	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2596	SteamSetup.exe
5768	steamservice.exe
8548	steam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 1668	4016	msedge.exe	81
PID 4016 wrote to memory of 1668	4016	msedge.exe	81
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 1616	4016	msedge.exe	82
PID 4016 wrote to memory of 5804	4016	msedge.exe	83
PID 4016 wrote to memory of 5804	4016	msedge.exe	83
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84
PID 4016 wrote to memory of 1688	4016	msedge.exe	84

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff6a013cb8,0x7fff6a013cc8,0x7fff6a013cd8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,5039537141114709808,9432124916116404060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Users\Admin\Downloads\SteamSetup.exe
  "C:\Users\Admin\Downloads\SteamSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2596
- - C:\Program Files (x86)\Steam\bin\steamservice.exe
    "C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2580

C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:5808
- C:\Program Files (x86)\Steam\steam.exe
  "C:\Program Files (x86)\Steam\steam.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:8548
- - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=8548" "-buildid=1721173382" "-steamid=0" "-logdir=C:\Program Files (x86)\Steam\logs" "-uimode=7" "-startcount=0" "-userdatadir=C:\Users\Admin\AppData\Local\Steam\cefdata" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Program Files (x86)\Steam\clientui" "-steampath=C:\Program Files (x86)\Steam\steam.exe" "-launcher=0" --valve-enable-site-isolation --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt" --disable-quick-menu "--disable-features=SpareRendererForSitePerProcess,DcheckIsFatal"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    PID:8724
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1721173382 --initial-client-data=0x350,0x354,0x358,0x320,0x35c,0x7fff560bee38,0x7fff560bee48,0x7fff560bee58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:8872
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1672 --field-trial-handle=1716,i,13284840796387747205,5831347620482112043,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9020
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2144 --field-trial-handle=1716,i,13284840796387747205,5831347620482112043,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9180
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=2428 --field-trial-handle=1716,i,13284840796387747205,5831347620482112043,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9328
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --first-renderer-process --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1716,i,13284840796387747205,5831347620482112043,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:9384
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=1620 --field-trial-handle=1716,i,13284840796387747205,5831347620482112043,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14048
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --mojo-platform-channel-handle=3204 --field-trial-handle=1716,i,13284840796387747205,5831347620482112043,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:14228
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3524 --field-trial-handle=1716,i,13284840796387747205,5831347620482112043,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:15284
  - - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
      "C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\Steam\cefdata" --buildid=1721173382 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3868 --field-trial-handle=1716,i,13284840796387747205,5831347620482112043,131072 --disable-features=BackForwardCache,DcheckIsFatal,SpareRendererForSitePerProcess,WinUseBrowserSpellChecker /prefetch:1
      4⤵
      Executes dropped EXE
      PID:15588
- - C:\Program Files (x86)\Steam\bin\gldriverquery64.exe
    .\bin\gldriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:9288
- - C:\Program Files (x86)\Steam\bin\gldriverquery.exe
    .\bin\gldriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:9644
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery64.exe
    .\bin\vulkandriverquery64.exe
    3⤵
    - Executes dropped EXE
    PID:9692
- - C:\Program Files (x86)\Steam\bin\vulkandriverquery.exe
    .\bin\vulkandriverquery.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:9832
- - C:\Program Files (x86)\Steam\steamerrorreporter.exe
    C:\Program Files (x86)\Steam\steam
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4408
- - C:\Program Files (x86)\Steam\steamerrorreporter.exe
    C:\Program Files (x86)\Steam\steam
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:14500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff6a013cb8,0x7fff6a013cc8,0x7fff6a013cd8
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:19692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:8688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,17127620612370905299,8878521625879787454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:8796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:16536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff6992cc40,0x7fff6992cc4c,0x7fff6992cc58
  2⤵
  PID:16560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:16748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:16768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:16792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:17048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:17060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4352,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:17328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4584,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:17532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:17540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:17732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5080,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:17812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=224,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  PID:18228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3296,i,17838878871354831258,18322349670799136617,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:18236

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:17108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:17616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:17656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:18740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff6a013cb8,0x7fff6a013cc8,0x7fff6a013cd8
  2⤵
  PID:18732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:18904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:18940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:18960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:19100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:19108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:19504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:19600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:20488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:20220
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:20064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:20492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:20448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:20840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:20848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:21108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:21096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:21340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4869051766289019276,3275130112761134452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:22764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:19296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:19356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C0
1⤵
PID:21376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steam\Steam.exe

Filesize
4.2MB

MD5
33bcb1c8975a4063a134a72803e0ca16

SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

Download Submit
C:\Program Files (x86)\Steam\bin\SteamService.exe

Filesize
2.5MB

MD5
ba0ea9249da4ab8f62432617489ae5a6

SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7

SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\[email protected]_

Filesize
15KB

MD5
577b7286c7b05cecde9bea0a0d39740e

SHA1
144d97afe83738177a2dbe43994f14ec11e44b53

SHA256
983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

SHA512
8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

Download Submit
C:\Program Files (x86)\Steam\package\tmp\graphics\icon_button_news_mousedown.tga_

Filesize
20KB

MD5
00bf35778a90f9dfa68ce0d1a032d9b5

SHA1
de6a3d102de9a186e1585be14b49390dcb9605d6

SHA256
cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

SHA512
342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

Download Submit
C:\Program Files (x86)\Steam\package\tmp\resource\filter_clean_bulgarian.txt.gz_

Filesize
23B

MD5
836dd6b25a8902af48cd52738b675e4b

SHA1
449347c06a872bedf311046bca8d316bfba3830b

SHA256
6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

SHA512
6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

Filesize
4KB

MD5
0340d1a0bbdb8f3017d2326f4e351e0a

SHA1
90d078e9f732794db5b0ffeb781a1f2ed2966139

SHA256
0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544

SHA512
9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

Filesize
6KB

MD5
4c81277a127e3d65fb5065f518ffe9c2

SHA1
253264b9b56e5bac0714d5be6cade09ae74c2a3a

SHA256
76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9

SHA512
be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

Filesize
4KB

MD5
2158881817b9163bf0fd4724d549aed4

SHA1
c500f2e8f47a11129114ee4f19524aee8fecc502

SHA256
650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7

SHA512
f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

Filesize
4KB

MD5
03b664bd98485425c21cdf83bc358703

SHA1
0a31dcfeb1957e0b00b87c2305400d004a9a5bdb

SHA256
fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115

SHA512
4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

Filesize
4KB

MD5
31a29061e51e245f74bb26d103c666ad

SHA1
271e26240db3ba0dcffc10866ccfcfa1c33cf1cc

SHA256
56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192

SHA512
f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

Filesize
4KB

MD5
da6cd2483ad8a21e8356e63d036df55b

SHA1
0e808a400facec559e6fbab960a7bdfaab4c6b04

SHA256
ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6

SHA512
06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

Filesize
4KB

MD5
9e62fc923c65bfc3f40aaf6ec4fd1010

SHA1
8f76faff18bd64696683c2a7a04d16aac1ef7e61

SHA256
8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7

SHA512
c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

Filesize
4KB

MD5
10c429eb58b4274af6b6ef08f376d46c

SHA1
af1e049ddb9f875c609b0f9a38651fc1867b50d3

SHA256
a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13

SHA512
d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

Filesize
4KB

MD5
5c026fd6072a7c5cf31c75818cddedec

SHA1
341aa1df1d034e6f0a7dff88d37c9f11a716cae6

SHA256
0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382

SHA512
f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

Filesize
6KB

MD5
189ba063d1481528cbd6e0c4afc3abaa

SHA1
40bdd169fcc59928c69eea74fd7e057096b33092

SHA256
c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695

SHA512
ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

Filesize
4KB

MD5
18aaaf5ffcdd21b1b34291e812d83063

SHA1
aa9c7ae8d51e947582db493f0fd1d9941880429f

SHA256
1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5

SHA512
4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

Filesize
4KB

MD5
1514d082b672b372cdfb8dd85c3437f1

SHA1
336a01192edb76ae6501d6974b3b6f0c05ea223a

SHA256
3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4

SHA512
4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

Filesize
4KB

MD5
8958371646901eac40807eeb2f346382

SHA1
55fb07b48a3e354f7556d7edb75144635a850903

SHA256
b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585

SHA512
14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

Filesize
5KB

MD5
7e1d15fc9ba66a868c5c6cb1c2822f83

SHA1
bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7

SHA256
fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265

SHA512
0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

Filesize
4KB

MD5
202b825d0ef72096b82db255c4e747fa

SHA1
3a3265e5bbaa1d1b774195a3858f29cea75c9e75

SHA256
3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314

SHA512
e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

Filesize
4KB

MD5
7913f3f33839e3af9e10455df69866c2

SHA1
15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25

SHA256
05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c

SHA512
534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

Filesize
4KB

MD5
58e0fcbee3cca4ef61b97928cfe89535

SHA1
1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b

SHA256
c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425

SHA512
99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

Filesize
4KB

MD5
9b0b0e82f753cc115d87c7199885ad1b

SHA1
5743a4ab58684c1f154f84895d87f000b4e98021

SHA256
0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32

SHA512
b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

Filesize
4KB

MD5
eb8926608c5933f05a3f0090e551b15d

SHA1
a1012904d440c0e74dad336eac8793ac110f78f8

SHA256
2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04

SHA512
9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

Filesize
4KB

MD5
6367f43ea3780c4ee166454f5936b1a8

SHA1
027a2c24c8320458c49cd78053f586cb4d94ee6f

SHA256
f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998

SHA512
31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

Filesize
6KB

MD5
e04ad6c236b6c61fc53e2cb57ced87e8

SHA1
e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4

SHA256
08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e

SHA512
0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

Filesize
4KB

MD5
56dcf7b68f70826262a6ffaffe6b1c49

SHA1
12e4272ba0e4eabc610670cdc6941f942da1eb6a

SHA256
948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f

SHA512
c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

Filesize
4KB

MD5
66456d2b1085446a9f2dbd9e4632754b

SHA1
8da6248b57e5c2970d853b8d21373772a34b1c28

SHA256
c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4

SHA512
196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

Download Submit
C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

Filesize
4KB

MD5
b2248784049e1af0c690be2af13a4ef3

SHA1
aec7461fa46b7f6d00ff308aa9d19c39b934c595

SHA256
4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690

SHA512
f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping8724_693386464\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping8724_693386464\manifest.json

Filesize
1003B

MD5
32ef54fcac37d3d390c05880067559d6

SHA1
ab44258473c7c1a920596ccc33463a765e5fe60f

SHA256
d97f5e50808d1ef75bb241df2dde8f7293b9bfcd498dc525e258c97b39564211

SHA512
3bcdd94edb8b0df2d1684ef865f9711bf544c4c4f6adde927611b648dab2776e398e3b29681369a80e8c7ebfb9cd100ba8469ea69c5034ec023c796d8cbfefa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f710d85768d1b5a28a113064a81b8143

SHA1
78003a3fffda9d226986bedb7583b54043f76e1e

SHA256
5a61814ac2db09e8d7351da622a9e361ac44c3d08d5f472d16d24495ece9a285

SHA512
a9d5797c7d334f7eaf976d8003b0674f098b2fa9efdb5c40bdeecc7ca9b803cbf7506e0bf856a7e97fdff1a8bc315506cf47f436ef25b72fc2944ac3edd02185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b82f13376379be5c0aa369d4a683ad2b

SHA1
daf1efe0ff3e1a7e3edc2f150eca21b6b7f18703

SHA256
8375aa180ee102afdcf98b6f627b500b5943304384f67d1b1d28599d7238435e

SHA512
70848b8ee31d63d5eed4c0ad6b7f86ef04e486eeac0a6e5f0d4cc0f25f1792d9f8299b1ba4fdc92e1920eb38243ae6f3d4229cd29b65c4fdcb2530257b2c6663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
324f2c1ad2f0250500cadc5c0b6c258e

SHA1
2a548c168319f7f433382554014f89275475e2f2

SHA256
4705495cea07c25bc8fd43dd07de8f0e92615c8de2950cb02d16a1f8a937ae98

SHA512
11e8473180cc4346eb658b1c1ce4553a52147821ddcb49d22f0e9aa9105b87e62843e2f5bae76e1fc1f0c3e82e3724b78aea0887b992d9fcf7d7d8d8c20f547b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e71e09ce3696d1824e83865218abc09b

SHA1
5ab38b21adff66ede154066872a7440f8c7637b1

SHA256
790bed1791d8cea8bbe8b02aaf47670308d62ef9091bf6b3c5c136f6ea8ec65b

SHA512
9914903716ad0e149a975a6a4918398001518b8980f1a309d2ded0b9d1c05ebe92c096fb167321460e4d88dbe8424cc3f5de09ff9f0097cba6377ea2a66a3bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
111bc0a48aefc066389c5be257cf1dd6

SHA1
d1f125b30945de528d8183c18eb1c176f4188c2e

SHA256
aed0e205c69176e7bac96a11267408e7a817c182b121a35593f7c773fb04bbcc

SHA512
895aa7b3cea9cdf6930c0f722db5ce661d98ad45d98cf8cc18a187819bd1d3c6b0082b47db58e8d1c0bae7407c7a8e56a8f527212d81cc9d2b274c419e6b073a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7fe081b19ff0d6e74138b25df678b4d3

SHA1
556122527afa672a85ac87f7def4d60bccd2051d

SHA256
3c7fc8b9f60033e15cbfa70601c433c15835ce332847a94014188231425eac6c

SHA512
2cca8604a766cfaab899a1f8536f473b3c2b232d0bdb3ddf4347379147886ff44c5d5ec94068c86401c8729b4128848ccfd7fb96ed37eb59b35809819c30d268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3abca6a63082faf5c757c5274a99a765

SHA1
bee8261023df44417159c70c2ee501e6533b2181

SHA256
d47863e40a183884a79a34efe190d15c3acf5e996fd08df8a68931cb97e52b89

SHA512
3d716b29511b2a6327b117ae89af956b78d6ce367bcf91e861ee801f5c2c825c11654306cec4533de5c7321d745e5790b231835db1539c2219def77000c0b343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce430dee616c972e496849574913ee5b

SHA1
2ca990f6a7e5a1eaad62a43735ab878a7152b359

SHA256
83b2c42277dac81c7fbe1f0175188956fea852755d4e8a3e9d885d041e0a4b18

SHA512
cc2839d7b67605ba90f473cadec84e5a01bd08e3e3a616be04df9af17bfbfb44ce2710e4c41bb949395ba17d4b4deb8628f0fa7891e97367d6c046cef74f86a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
59c98e43770a136d76d2367610eb8e09

SHA1
6dae0a55f23a233734b07dc9b665e22c408bbfd4

SHA256
a37eb9cbf5e17157dbf142357e5a717fc719790309891db45d9e7a26babc4603

SHA512
8ba6df923290a91c079f986a90e07ec1d13cacb09be5aa20cf14036f61a15c882538dbfc3023c1cf1a5700b654d53adfc121b7a4c602025a15c9b87f45618cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0fd957e-25d4-4b8f-88bb-0452a142fb0c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
a665aa8820f87b0018d25dddbabca2f8

SHA1
b25ee22fd1f40fc31507a5fb060f7db56b5cf7a3

SHA256
a8763e3dcbeb76f2368a4c70a626aff89b85496c14d4ba387cf42f170419fc88

SHA512
cd8d56e8253eec87b3ef20099f833a9784dfc40871434b6c46a1461476e02a855f2187f7b9b959b6d3706cb354c74b0f78f7eddaad8b80bbe082fad7a99d1591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
98a45f22f165ea9bc0a715f78e1be4b0

SHA1
c62439a8e998bff03d6e4bef1f9f9b37de668492

SHA256
fc25886c3f70dcee2dadfa629594be3f5ae337c19ef3fdece4f6b81e1b60da7c

SHA512
fede04e4c6ba2e5f9769225e0b7a72e7e3606d0b1531a3e12a32dc7c5eb04c68c162e699bb64739e9c95d83085879e3baa519b3d1497f45846df2ba4b057a3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
209KB

MD5
663e8e054f97b0aecfcfc0d9d5223abd

SHA1
073b6fe778259d71a2961d6d1395751775590059

SHA256
ebc3a48fa859ed9f2674d861f73e105e046af289f4d37d20d714a2e0b504ad7e

SHA512
222908f3eb77d0846ca73b6e0c6cfbea8787656ce6fb0b840f815f5355cff26de3681d6d14222d62390437a60bac72536a4ad99be7ec9ae73ab8ab9871206ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\286b8e37-96f3-4c91-bf71-8611b2ffa63c.tmp

Filesize
10KB

MD5
7a31409b14f8823e53ada9c4391c9c21

SHA1
c62087d7e98687a8162a7b74b21d05085a82c3bc

SHA256
397f376fbac0d46b582127b1e3d43c39c4423dcd669e6fbe706fdb0a7c83b7f9

SHA512
29546f3f48f17a74bbdbc04adcf5020f7096f3682851d5302fea5be0f832311cce05f8f9c230cf960127d7dfdc6d5bc30c525fec5ac8f93091a45bbef5316b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f085fca849839bbbc809df3c8578e34f

SHA1
d91214ac5be960d2bb650aa5f55e537e8bae9016

SHA256
a02836424c3094e4a8a0f478dd58a7294f3eab9de354a7b7aa7eef30b4f3012d

SHA512
4e6bcd4efc3559d285332291ae0b507ccd3a9baa26a15fb0c505ce139d3608df7f58f7291a888d74dc12c7b2d8839bb5ddef7881591bcb24808df57e1dbbefe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd3446ae2d55693fe79e265b7b18f9f2

SHA1
69a833e9b63a6e5e4df7a6dc69d8f0266860b54a

SHA256
e56a4a745cf123122d945406e6b4f1a4260374fd02db0a70b1fdc527803c6dc0

SHA512
65610a6a1f03462a1d1b458a92c8559ee435ac3c9a2c952cef022647fd3b6afaf38490ae01713bacda8a5968a52a0ca1510597b95e16c6efc9480371372236bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\04a272b7-8ac7-48ea-8cc0-9bc46ac31be4.tmp

Filesize
8KB

MD5
f4581fce0b940a4626615e27c6001f6e

SHA1
4f3999db3c120ff21ce2f2985fd2c2c7d6ee883c

SHA256
eec12db4dedc7366809a90bceb5e5fac989637600c7084b9078ae84255eeda22

SHA512
c003353d08cf8e474bd8293ec43e56b09ab2a55939263632d5918611f5c0460e0ed433954660899bd3b02d80bffde03b447982deee9bfd965c09825d5fdef458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9230063e-b254-4bc8-923e-a163e4629f08.tmp

Filesize
1KB

MD5
76cdc9dc23fab03d9b91d9b36e42a958

SHA1
5632ad09fd994c7326ea51646bf04b84a34a9fbe

SHA256
b71892a8a4c730ff538fa769e1da3b1c668ddd9ddd76c48d5f53a083ebb7f86c

SHA512
ec8924436921a07874441cb08e6a0e9610c30b1877630aff375f5cb205fc960c67a52b5e5da2135b6636e4051abe3c90b7ee2188359908750c732b39ec18245e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
232KB

MD5
d17341f8e4567037d856e6951d7be9f8

SHA1
f8c5d5af767a316690529d78c2bbe0b0c1cb09dc

SHA256
8716ed84c48f15cf082984c6abef105ac808087ae9eb293cbf531661181f519b

SHA512
9d0567faecc65103f01fc0e2483b888036c229a5a46ae25923b9675b9ac0620a110371817b49dfc8953120315640c1ecd1b327a1b5be3bbdef359f0aa0b2c6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
20KB

MD5
4b0a4aa452ff59cf269110c7a4778a3b

SHA1
67011ac652f16d2fc06835eb51d7825e207b566a

SHA256
6d635a3e6392a6f7cc0d72a68cdb7de466ba9bebd2b438d0dc10726c50e9b8e5

SHA512
16719db3a149bcfebb0e78039df1e5cd477fea02524d787856ba91b7ca9254e94f7a6e9214ac372bd6176696032a8af2fbabffc37ba0a89bfcba631c1966ed10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
47KB

MD5
213af7ac1aa72e2c0c316743695b7cd0

SHA1
c93bf2de82958073a23b3a495356118ef718cecf

SHA256
f5680671f5dc330f962eb3de4164654e2c17284ac3a109f687ddabf104e25ce4

SHA512
d0e11f42a046682805d18a0a133df1c8c4272b94117de503dd4992c34f93e516b7decbf77496f45768aeb1a95f1493f74f5ff732e9b42efa6bff1b47e9b0c1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

Filesize
1024KB

MD5
50c61c1ca7bb194767cbc18ac561c6e3

SHA1
467a44695edb52e4c926e0074f46c3919eb71a35

SHA256
0a30966859f82a5f8afb3e28c17c756690cbc1d3c1b97ae9ecb84f14a69c1a43

SHA512
8f7857ec7b1cc9a280588b9e02b3dc9909f85acb03f672b8f9a2fe9c1066cc3376c0e0e2cc5d9a08063f0bb773fa16669a38e3ade68c05129c072ee45af67b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5

Filesize
526KB

MD5
bf48fe751f99d4f07510a1cff9d3e3a4

SHA1
a140d639dbcb633c5fb8b7af10726a53ba6ebc41

SHA256
1203f243d7688bc761d443fd3929b8de5b5c92eaab3d2e37ed3d6d3db274b97f

SHA512
b08ada19b5055389cfca5585401255b38e5f2effc16ad5ada44212a6ecbe92756dd268e28a8cd66395c09e2ad2e70eec9260a885772b0eda25c7c591c7186a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
0b54262610b1ddd24f320b86f401a4f3

SHA1
9494b331cba59dbc546e64fc0a355d6f1241115c

SHA256
fb6f40c39aa2dcb52933521f88053d764fcff8ba5f5a823710c7a5f3805dd7ad

SHA512
4646c7a3e195d07fc57f8b00eacb917893e49fdeb938ad58dd26be6ddc5f62f2ef66d838e2ccf8c9acfe0d3ebef0fd8b3035b71bb8e3f2e76e42ee4fd0e1e703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cd12c7079b1fa2565ac39d333891d8c6

SHA1
d815b0a7dce5376e54c6fbb8ff956ea57e165e15

SHA256
2a29657014164dc829b9c4e36a576276851489150884a0c19dc821373870c729

SHA512
22046c3d7eb0599bcc2dedd1e49f947bbbfa2a42b7ad432b6e26de10a07fd61b9b1aad54edb17452e8478a995f50ee1634bf2bf1990e74010f06c3d0de05b5b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d7f23d198474490df50858c4d3db2c08

SHA1
4b867f16d988c648b7e56715bf3379062c26d5b8

SHA256
77d895934a2c1045734ea32e138528998ec09733a7394ff1bdeb29f3e3615104

SHA512
c4b2df3a27a4da48ce748003e3de9284952f25fed5b31e9cd28e5a3d079c2b0689c5556753361eacde849c293a495496fc328a8665ce2a8edb997232a8d95384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
63a4112239d809e6f02ec84418ed9dd0

SHA1
9cdacf1e2267a2ac94254f6d4b68b31b042a9a5c

SHA256
2970fc7c2485316de3671b8ec79cb94ea75f7f8409b7af9755cc0bad7b12070c

SHA512
ec1e6ca472e32219f97799dc844cbf8ab38bc1cc13682357c032bf01538be3b2ff91182a9f584bdc94403cc700e32da6d8996578ee6ea89d3ea91a89d5140f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
d732261958e205737b4feb108258938c

SHA1
8eec30dbc59a6e34ec375dff1a323eb0aa3c2bd6

SHA256
b0ee021ed8e7d227f2e4f398d250b0ee85bea8e7315a7732ea7307d16ef9a468

SHA512
81d5a5b0c3b20781fc719bc910589b92de6a8daf5fdd48148c088e28b5f11f86fad5ae93edce91befef57596c3d42471420716bb9ab74ca7dcbd6e9719962958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
619B

MD5
66847a8128c128b5731799570ac7f662

SHA1
e7cec1b34dde1e05c8b4822d9100903b15a822de

SHA256
f828bfbf282b0569a9b4bf0a3b362e5176aa0bb034c4b9e053c9a5f76ee3ee23

SHA512
d199cadd8949e9de238c6a7001469ec28d8478e6318776945faa2facb82acd972b23a276289d35b9033dc355db1a1c007f0362cdc268f4ef12756e4fce549af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8dcdb740259e5b231664da75e59c9cdf

SHA1
b15cf07d5094d088d0f663cd54d2f663991e758c

SHA256
10de7e8abe76452e32e9e3a9b80267104375b6f8e2a6e19cdde6c5708339f624

SHA512
290ad320ffde288daafab15e901874ecc08a795343da9324b93236c558e04690dc5b6a6dc945752fd4827d8fde20d8bcf0af7b38110faff7884f34313ee44d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6615203069c9044c51fec3e094816a01

SHA1
eadb438554defc5f5c6553dbdb625ed35f9a9694

SHA256
55a5a55c003bfdfe991d48bde70eb8ea13ef5d327c85fd4a5fab82668905d879

SHA512
20d17595aa765dcff85153e2c06f42ea687f3ad9e6b0689a32fc2991769e36eaa310ea37f6cbbabd54f8210be3629940ca6994ae42db65b62345cd25ba59629a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
880fced56be4a95d50055bb1281229f6

SHA1
a26aa385403ac3b45bfd40883f8bb072a9b9212c

SHA256
36f25c30d88d11f3d3b3ba91705691958b73457b691ed751a78677d4e2bdcca5

SHA512
1e7d122671413cd64bd7005e5a9bec60ebdb902e7404bec181c985a804616c59388e9e2c6b8ac1b95b8279cb076d9419261ef23299d73e3e3cfc5bacfb51e65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
619B

MD5
472de660f714a3c6942b281a7ec81c2c

SHA1
fa2b41457a0008f4f5b69eb2aa434b8f96de640a

SHA256
2c56516bee66527ad1266a929f3ff460a7fdfd74ee4c4950d03ea406eeba58aa

SHA512
6c97c1d1a423efbfa5c6ca474187d7aa7b5d0c77027bd2f7f3486e014505a93a3b7eb7c6b8681134767137e68b7f151054fba60f8cb6727a7b558c188c0015b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
946bd67b86c4f1ed780b2c90bf35378f

SHA1
8e0cacbf25387a573920ff6d27e57bce8127b9a0

SHA256
aa5481b15c11e4633ee8294885f5e8aa1f910ba73db7f78542e152de9dbbfc07

SHA512
4dc47b35c63429875bd3817920e9ebad51238b385529c4d88151bbd8cd79c650af513dd9a6f97702df7c35b11c7e328969dbd09b3c623ef3297a9ad41c9b5b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f56ce7bb1c94459f2bf3d6b2100f952

SHA1
b4d12d39118a0453dc9ed9d551c9774dc25c8cc6

SHA256
99c9da3d0f7d281e90eccce71a3f793d3c6dd92ee6e4b2b90b79bd3d65a1ce7d

SHA512
d2f515dc94a0aac83130fdc6fdb2194655a063cd8e8401859f4493256157fdcadd7518281b69797a0537841ff15f14ce0f2b304c1e188587b5e61eb244df7cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
741faaccdb25227cd6c1ed1214a10a9d

SHA1
7c8e43dd2a6490149ea475523558e7dcfa48c102

SHA256
d133f30d275f5ab0fef94a5add9e44c4379131d8039c1a852402e3cbdbf02e8d

SHA512
6800fbbe465488938782df94538cc01e6c7436e311cfc92e691790dff6b3f0b4df6bcc47030dcf66c8ac5788095a3ec02c87a22372fe692a71202755376eb8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e944afc82f636747af9fead9464e0086

SHA1
eac6e52b902caf54c5981feb4dc3ede7a71d7b13

SHA256
4175de02f032fccb208e2089cb30035ed32f207fc4874272534afac32664ef58

SHA512
c8522788ebd94f2fecf3ef3e7b7985a3f5b740f2a537bd1df1d03cc22efd4f8dbe8430df18b9c76fdda538788e01524c93f343814b89b34e638583201e3fe7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1cceb9860f3e2e3b4a9419c8331cd670

SHA1
d43f35f8d1e577b66b78bd850550b482641334f1

SHA256
cbe54ac727519316fe600d8634fde04321e49d13b22abaf3591bd6f0f4d35fa1

SHA512
a797b56d893e782b92b1b10c9f9c1299e896e6b9669146c085e6f3c5eac94a40c18dd7d874b384ab0fa0518eea677ac3b087b3da7ddd38977405259b1614bf3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
59cdc19cdc60cd04746b1dd5aa924ed4

SHA1
209052298f00cb79e59050c5ad800a9c2fbefc52

SHA256
f0ad4f94c652edcaa84d25344cdfe79b59fcf79a5d35357112bd7574b92d22e4

SHA512
4c5d05c43a26185e38edd0786214f537ca9dc7c34c599c6c42c20f5d3d00db8fc18a872e3cedfecb994166071f3f6bab9b4c4af566e76b6d97830a65e51e6a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a7c515bda56641a91e919dcbf563c1c9

SHA1
1762afba286ed3b5571e7f6265aa647149da1b84

SHA256
f9cf63b66babbe448b9e53bbda60220df5462f9d52a2a1053051157c566ba9fe

SHA512
ebe6e527f9589a662414408fad3d1ae95cabbdf9e2081870c4d1c8382e9a6d38559960ae7cf54813adc4367ac1ec536982effa5114ee541b8ec034b85ea18fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f042460026841a5a1087393a3691d540

SHA1
3529f18e1d4239a0c794098e81c3d2fe4f24f772

SHA256
fc5b6f8318f041174ba0e53f288f404cebd4dca9ba8b2b4c1b54253368166f1e

SHA512
f7349d4dc22052b213c35f2ffce24f214cf10564cdea5ae34a5b7945ddc24d10aec21f8ee1e4e3c07cc0e55179e6941b5b6d2b91da602ce4b9a993d91bb1c32a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ff76fd18794c5f13aa39af65104369b4

SHA1
f23fb3c93491528e307901e1a24dda17f94ec51a

SHA256
b0a216c28c09c020c8972ba552da3fa1af8b8ae1403d77b1129bcdc447ad55fa

SHA512
1af83460c633a53d102cfb2362efa150a4293720660409d25574d972d9b5143e4746f20af20b0e7766087ac93e6740a84e10d8454e025cd40918ea44cafbbe77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0d81ddd422c9fd2f9b72014360889412

SHA1
abed8109c67b84d2f7e160f9e9d66f327e11687c

SHA256
91b71d84f466c2572a4ccbc904d95d7a952b02203bc4e44ee143c733126cd43b

SHA512
e7a8f012d53d23a61441c793f39463b24f079bc0d398ebe59a237d9594d167546af8968f099c124faddf943219bddb402019e903f63cba55d2782abbc02d48b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e694adeeb32cbf07c7a65e4d5a9a1fc

SHA1
b6b973c5e387532809c2c894b50a42884e98fde4

SHA256
a3c76dc246c849807f57a3057ffc51ce4aea83a39059364080aed371a0725c50

SHA512
6395a4ab11bed2c0f68f8586416768fd38afc9157e173704e085942e21b4698075e71dfe63c7ea6c22b5a201441c97b41483b554afb0438b106f89094ef2ff0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad87e71616215ce8351b78a0f856498a

SHA1
7676307a53a2027bf786caed9fcb5df635c6de26

SHA256
b7c7729c7a489ee5038efb7b91bcbd81ae4d03f7970c59fc97a44092d48e550d

SHA512
29167ad616de9b0d06835b61255d5446da66ee5d6bc4e111c52ad8486a2675bee59a4c44c997dce93f2202f7b7c2deac0d0e4fd3cf2b9aa5c57c8cd74248e2e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
46ebc940c5229777770006bf5eac7645

SHA1
ab48556eaa3ee8a8ac1863ba98b8ea8373504035

SHA256
fe3da1a3e4446740aa521c60a7a5e8c7256b58c40892b759bacf594083731026

SHA512
c27109b38d1b8a2997dfe9496593c99d003df7841b4c08a89eb44d3b3e3df4a1cf231853220751af35bd7de7a7d165a0fbba6826304be1dc2b09774256e2c048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6562d451da4b6861c6c71317b30e931d

SHA1
472b9c7b6fd7802b2cf197ece8f5957befcfa35d

SHA256
a03366ac99980f24d4244c24956e89c650d80255716e86672a1333704f112c05

SHA512
f5665bfdc8c611d16cffe469119aaa6d14b35d4dbc9ed5eaf49e595de3eb62a2cb88a9a0442545b3188f86e87e43cc14b77e7173f8f5047cfe5ee4f373ec3757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d9303db389dc720a2e51643ad9bc943d

SHA1
2d52cb2b9b5b600fc7cb32c642dd1d4f15831e72

SHA256
fe57c145f8bec4b25b5bf18ab07b28413eaf0386dc80f12aa527469899a53a6d

SHA512
232ae86dd676a8b5f61707a8e9279bef98c93874c94214a21b54d0726db327688568fda32c9fb675091efad1f686a0cb8e9d2f7215770f1433e7b9f6d8cbe7d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
22e01dd64310ef9ea62892f8416c28b5

SHA1
015eabb533209678f6fe6a236b4bd7d9241f15ae

SHA256
c567ee36618aa2a99f0d3c0a48cc78b0f310aeeab309a16ffeb5c5130a934781

SHA512
fbef8f1d31313489e5889bb37bc39b9c98f7101a1316b117e1a8d15ae93f1b0eb828cd0612931ebf323dd6c1d19916147ae04e010e6470bba33307a10b4baa10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
59513fe69febf0410047b381a4d3a92b

SHA1
0d3627e622bfe631b1e2ddc30b2902a417d5f7a2

SHA256
729ed22952671bd1449b6bdf51923cbdcd8e1ee850d088a5722be16acf00ad83

SHA512
03e9e931a4818b3022be6d7dc61384f401179f78fb0ce29e9b35e6e27a2fe1bd76da403741ee537611e84ab43e281a1dd56b7fe68de0d6747cbc775c418106bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7ff46e8a-013a-49af-b97c-201cc6934454\index-dir\the-real-index

Filesize
2KB

MD5
fc7c2f5566b10adb6e4fb1583fca16b2

SHA1
3577e6eddff0ad64597999136d4d6d7ac08e040c

SHA256
71f54055f40fab89688931443dabc2a0737fd0782e87f8cb2cfd34378ed33a0b

SHA512
209b1bd0e32daad9d27fee7aaededbaf8308c459141a42a3afe2773d6715c33e64327b858f3467828a022d91ae3e9e862fbc0f9c6f243b6a8f3b1c9c1f729868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7ff46e8a-013a-49af-b97c-201cc6934454\index-dir\the-real-index

Filesize
2KB

MD5
5b5ac613bad998f09e139c18df56bc7e

SHA1
e3a04d59893b2f139473094f0bbd4b0239399b9a

SHA256
6728906dec64db257042524e31f73f2d7db65d84b5ed79aaa7b52da7922f7463

SHA512
b4909bb2bf19984da862164d7265eef65bfe1e1d0ad98761664d29a55e5bb54562f2fcb05b4a525d2a7ee926fcdf91ce3fc74d69fd43a5ceb58bd7c0d9eb7c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7ff46e8a-013a-49af-b97c-201cc6934454\index-dir\the-real-index~RFe5a7929.TMP

Filesize
48B

MD5
612aad9c698121d7ae6e6a9f6e6cfdf6

SHA1
0e9661b69a54f40c7c5c6f6e1f3d90cf38c5ac71

SHA256
3042597fcac6bbc6686db47a7ac750ce015953d5eefc455e9b744c43fa0c4886

SHA512
543b98482388c6b3ac7fe2d6391245fa2cd712151e121134779097171a641f7a7b7de55ebd2831b44acb860142bc22b7544f79b9a59f4bf0a1e3f7abfcfe9aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c0fbdc27-2b18-41ce-b107-2bc47033f9e1\f5ccbdf95c0d5f6c_0

Filesize
2KB

MD5
32d79ac8b1aa0340861a04d6c468b46c

SHA1
a040a3006c20e540bb7da1c3f51e6b64d1a118af

SHA256
fc37e80f2f922fc305d6a6498ef5f0ec69381a3a4f3d0ee12ea874523173bfad

SHA512
416def1ce4a3e6f88d12124afdb9b33efb5c6fc2d566ca4244ce239c2069d2736b02cf7d77be6c5dd524beac426c57956a7e94d4ef854b1120a31e493ff4ec22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c0fbdc27-2b18-41ce-b107-2bc47033f9e1\index-dir\the-real-index

Filesize
624B

MD5
fca8cf0cae2515d1ecdacb8c989c2549

SHA1
1596ae6b707f01319aecc4bed5706647c9bec023

SHA256
7029c035e58c52a54c931a627303275d0dac9fbe9ebff47b0deecc43c2cd30b0

SHA512
ac8eca0691f2aa78d1edaed8c6100d72285d78d4fb3c0dc87ef2fcca4f181212ea080929e7f7a713de0d5bb2dc664396d7c6b79d43f48c50a82c2f883b23f0a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c0fbdc27-2b18-41ce-b107-2bc47033f9e1\index-dir\the-real-index~RFe5ada54.TMP

Filesize
48B

MD5
40feed67a249609cd6ae46d9b031a3ac

SHA1
508a23ccbd0de3811712cedcabb3bcfabd2e434b

SHA256
85677ed210c14137a98e6675d413e3299aeb85930b616889401600c588e14c9c

SHA512
ad377d7adbcbaac2f292bb776dbe5458dc616bc360e2a14c6969fcc232d2116793f59b328a1d154cad932bd291100a8bd7aa806f30a07c3daca4582775fcc22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e570fd08-0f4b-41c4-b06e-72217b70958b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
ca0f36a1693591a808e815a919f8d2b7

SHA1
8275de5e723f34c08f9472222880e01721ca481e

SHA256
4499fcf697235eff82970c718d62f93242987bc4f0127b17325e6cb38e800979

SHA512
fa2572edbe317c85bdcdada585e43088ed1a7f459700fb0239fb042fa7501548b5038ae29ee4944d3ba6d3fe6e4b42f41bff66942c81e7782aad6fb289c6aab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
8c1de93336d263232d9b759cc9b71bbb

SHA1
0c4f4e34a76885a96f54e9afbc366e8fedf39021

SHA256
4f479199d505d2a2168c4fe889d88f340796c8f48f16f12fbdf676191a31f53a

SHA512
a1a18fec054f2be5672ec78f7bda86cd2ab5f0ae457b9ffc7d5eabe1a3b7d6c4e8e6072842a6ce1f7bfa5ec8cb3d6af49573b4cd04b171b4bf971999f58a0fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
16ccce9a6450122d86e69ba22d690f18

SHA1
cd4b699af81b451274fca2b2600ab0c963f3a2e5

SHA256
b35a729d88ccb587ae3ec450cb282aafe3ede99020203bb2fb09fbaf6602e685

SHA512
01571c69e810943f9ff1117b781955bb4899cc0759a56a4b1cfd713c1781c8d2e2f95bb0e5a61ac0ce64d7caecb3618220ec8295c0046d99cb4084cd16745b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
aac114cb66d2809069e17643aa972c66

SHA1
03c80822f82c359885aef7a047d2bc4c10c0eda6

SHA256
7c532d07e043c8f032176ec4f0c25a0a666235463088af293cf83d0b44eca921

SHA512
25c569e38cd884efd21aada80c61da9f491f80b113572cb30a11806822fee270657ab221367741f066df93d81c4cabecd6e6a3fee483c10f8e1d5b63e6ea5fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
0f6593ef5aa9eb8707976d2e2da62f64

SHA1
a9ba8c5e686791b83874e4bf2740a741d78fc510

SHA256
81853719db8bdad93e066c1cefd2259019a629ef274a10d398125b89bb4c2cbb

SHA512
1fe3eb6ea53847e14e74b01a3f0a0bbeaeaddb1ad342dd0cc9cde607a0fa5b389b40f6ba550cf3e03cf079e773daf821a8960b6b3428db21422e05add84fe3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
8a441cda160dd564ba245bcbe10e1666

SHA1
6387e83e461639466223118e8ba6e1a1b374aff5

SHA256
07bfaf67f0a524620a95c1bb5251313df6e516e4420bd88d4c3f55eca2736e85

SHA512
744734d4a9138d260381cb00343bab6bdd9a75d98fa62e866fd1e22e5c17450bf9e643fa5bd29fc5900f177271298a1019d0062dd385205b1576facbec058519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
db69097751e551c0dcb34fb50cc37c75

SHA1
70f491f8036e3297ed8aabec6df4a1822bac6fc6

SHA256
9a4ee83f8cdd5b557c510cf372531581e2be31cf1c0b54107e26fcb157eb0490

SHA512
9e262bcae18c562ebe8df5bcda3458cb62ea95ee16b6b2b34ae019ac950b0929ed938368dcdb2d76d21328612148e6abc1643e4586c74f2a37a99ec8596be335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\39f28cb5-8cf8-43b4-8a30-af27f883897b\index-dir\the-real-index

Filesize
48B

MD5
0bba97c41f3c8757aa4aeee06cf6f0ae

SHA1
f4b6e987983207723d6a0ae3a89abda4ce640f6d

SHA256
d6e8b3e8363ba7a902e688d2215dbaf567e5dd852b01193e9caed2e1723ac64c

SHA512
faa2d6b8c50bb0d147716318cdd6c896bbd7703875f3aef6692b1a1d608c3da95ff108b0b3528ef0b0b28ccf440620fc6cb0638fef6535189ebe3fbe0e4f04de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\39f28cb5-8cf8-43b4-8a30-af27f883897b\index-dir\the-real-index

Filesize
456B

MD5
edd8eab62eac16e6bab4fc6e61250e8f

SHA1
c39e98a0097c0222c980f815e21ea884cf7e9e3d

SHA256
beb0d68d1cdcd30f0a129041f1b82b1b540b4397796e502a759def951615c8c5

SHA512
a3e3086a5a1e88ad875fda835c192cb7b830e84c021cf5aaeff60bdefcaa8c558e4389acb783639a32ce199ddeafb36d75d271f91dd2a5916bd42e935cb94705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\9f3f1ef0-4fbe-4a8a-8dab-e72ff1de0d4d\index-dir\the-real-index

Filesize
72B

MD5
026faf3343bd397202012ce3cef13e24

SHA1
cc5c616c3c46bfda95c964603ae6275b2793db76

SHA256
ccea134e70268d77d92e544f2003a6492ebd4745d91046cae99abcbd980bd6f5

SHA512
7d8c37f3a2048244f0832f06e1e1f27b0c69e933a58951e13cceb011fb53b183340cf8c6884cb76db487235a8fc28f98025f70f70a4411703b44eb657d6687a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\9f3f1ef0-4fbe-4a8a-8dab-e72ff1de0d4d\index-dir\the-real-index

Filesize
72B

MD5
461346dc7110720ccf6bef865301abbc

SHA1
28eb4cbc5d94debca41fb649ea7019c9e7bb08c5

SHA256
906f373e50e3ae34cdb708ee54da128952fdf9a57daa62d64986ecc830325356

SHA512
565aad1b0d321036c90d4ab4691838325903a2ba4749adfec8c0d330350c32b6315346538c4304296c5a6be72ae843fd2306a1ee10fa391b9b431a241a002ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\9f3f1ef0-4fbe-4a8a-8dab-e72ff1de0d4d\index-dir\the-real-index~RFe5b8cdb.TMP

Filesize
48B

MD5
e8c957e2e36abc41f6bfbef2ca2eb859

SHA1
3f24caf8ac06c1eff8a35468c6b00657f9982897

SHA256
64c76072a7eb7d562e16a716ee2baa430c39818e1fc29091087be00e96a9c857

SHA512
87e53cb1e3908d0a66dfb8d3e81d3455cd37e0bc95c34f3ca2b4e6622bbd8e364084670abfdc8ab2c69199babdfd24950cace79d0ef2af72937edb9d3ad0592c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
168B

MD5
4608877eee56dbd0e2855d30ee77ac5e

SHA1
87d9d183cca5a08d0b416f52e43bbd2d7f9fbef8

SHA256
1fdbf33374cf04522919244fe2d8b19b213a4606be7c30f08156623fdc92afd5

SHA512
37a15127166a21d3a4f6f3bdb27d293784ca9a2a96238488dfb1adda745a89e3248228012472562e612a1a9bfffb8a75535cd71d744d98d8d38bd61df18607eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
165B

MD5
e715b3fc489432c3c46ceb441ac11932

SHA1
57f91d8cf6aa80c58cf713223cad86ce3a984457

SHA256
71f1d39bf854cce17b858f30beac83c63844fdec8462c094addad63bb1dd91fe

SHA512
95198fd6c1764d977533d1dd21c8e7d91e5624ea322525d3baef60544a702db1da36e357f04d248e2b0c2d5487b54ec847ccdd9a82d0eed82590fe49e5f7e04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe5b530e.TMP

Filesize
102B

MD5
1e52ac959ac6b517c8279972dbd02d78

SHA1
18c3af4e530ad8d98fa5058a89461ee22d4e809f

SHA256
eb0742d205dedb11a6fd2f13dda5009a7566ad23f8b9ebd0b817bb9997c13a6c

SHA512
b168afd23c941ebe3405bfa8081917bb6e307e333f2d81e04beadb1901c27dd23d5ae293d56431efa05620b376db86112e04f1fb20f3dbe6cc514b044736a3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f2c8a93e393706b33e01b128abd16d90

SHA1
de33ae8ab521ed116e8b263fdc96a3afdc1f0ae1

SHA256
b67271b6ce8e6bf3306e22c85d919c812698cd41c4b5ae2814b012f222209970

SHA512
85014fc8f617fb9752e1670447030fe2b6223a1438c81e2d427ed1cddb44180d9e07121ef3d02af8885c725ceeaf03f450f585b14c210b3adf8b167f2383e5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
a08dda34c243ab4d72a3c4f4ceb11dc5

SHA1
cebb62226d4db75874fdae15a8bf820aced86d06

SHA256
3047b8cc3c38a9f9a80baa2df2c677d62a8c0d47b90c922fae6dd07f73c26969

SHA512
588e272114f60718ce2585798a85ae156758ec56a5c839ad746abafc74cbd69660e23293f18cd1ec636ee3255a7503b89088b76209de85bc34e3ef489a879a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5accd7.TMP

Filesize
48B

MD5
3ef14462a5f9f4dcb629b3efac29ad9c

SHA1
01c7534fc39490c0e34ea3701d796454eef22fde

SHA256
57b125c6947c70491cc05f225db8e84da1881e04d72f5a51647f692c7de967ca

SHA512
7411f7b426ce9fa2aed804e639c91eb4bde17d0a7c5b7c36bf67f5182357c88abfcf79c18d605eefe80e1fc5512502d9cc608c69979f1a2645bab7cd80225190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0c0fc29780b7e155f36cab4e4502e4d4

SHA1
a2316080d5215fd37e472dbcb08a567fd735ac60

SHA256
49832a6696da47f75debb3ed9029b3071b7eeec6aed75f84506bb05b2843af42

SHA512
7507d1c79c35fac54cda8b5f03529ac395e19b11ef6944be72c3df8c98e7f049068279f8870510c7f0d318b3a32ef1058e52be11cb4a1282ca5a041b4286bf3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
79e8cdc0a841d4879b70e896697c5bcf

SHA1
8fca6f9739e446d9c0b42636b82a91606642c908

SHA256
d948adcd2a1eabc88c3d79ce961650fbf4f3507db7558d9fd5f3785fa4c4e56c

SHA512
3e26cd1492f26006236798b40b4facaeeffcb6ca62993f33e93b0a83d28fdca3bca44a611c8da02e3e0ec16f3dc0d029d70be37d7a36cfbefe3b365e055599f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67127c1283b25b5b549e6cb3a846dbf5

SHA1
2425f3af74f6efa44ca918508d3d3f1c98df9d78

SHA256
4c76a2a5cd9ed9d74b3b5a1eaf828d19f8a1aa7213039af4bff0575b8c6cabc8

SHA512
429d329b812234e4afcafd76acdd52bba66fbafb1b7a7c08060fece81295005b088ae0f716e13b5e1ecf07a4929892f55c73d6e354f27f104f7d86928aa1c126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f046f078db55124f5db3d68e9eb0fa7

SHA1
03e78131fc3506eaac924a8c9f11279e469c4044

SHA256
db706b1bec7782110847db5b46b121979006352820d9d15fcaaa7d54f883d22b

SHA512
a61c50603adf289c5ac3427f7e83935ad9d72c7f991bdde44a9fb4248cb338f919e9791f98a007fbd19ff3e83387849ee56fafd5ab1bc0703275d4552df03ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
33423b6d4fa94cbfa90ed44a0c48634d

SHA1
e6e83a274129d3ce890a852d98ab844ebc4f4733

SHA256
55990603e83c74a0cdbf80142b04e7a1117924a220010d150574b60b2c15647f

SHA512
01ff9d30e0e79be35fbc7b80890322a78431fb6aee6f44ea06e056cc828c019560475433384a7950336e0f102af7dbf7a14e9f235d8b8fc7f4ca03c876cd3be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5ebd497e2abbdae411ef8a9b1f0aa25c

SHA1
3226d94962cae0519d2c4f4f1ad9a75132f9b942

SHA256
ca71f4ffae087a1a8c2bde4a84f2145f7ad1fa03e34176349ebde1a924a25a61

SHA512
8079161e03e9ea15f4c289498782dd5c69a4d4cfc9ab23d00053480c333608a3aeed45725602d0928fd70908ee611c288df81840893952afa89876948a7c7f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
f0d3abc95fc12138bf9aaeb92a4c4a79

SHA1
5784b01849164b58de429195c30c000e3d52df2a

SHA256
ca11939c8166ab11034ba32caaacd878413e0d25419f0003d458692236097231

SHA512
ad294687a12000dbd84636fd724d5430a624fe11ca3ea6391a5563025b64d9409d8cc703d271ee67b683f46f9139d306777e692df803be9dac259af322b7aaff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63bd326923fc91ba618ccb689fb58599

SHA1
73e4a68eb8eb1ec0fc8629d287368a3bbf2cb17f

SHA256
af9026ac2815a3a31eb2e6fe41f520a1ebbe83e979f345f6935154889230af09

SHA512
9e65af0bd6196925331992a3bd91bcf89a712be59a4cec40195355390c08fb3ba3c5b2329d620331ee5f8962b70f2cea1ddb0e7295f39b9231e831caf535c50a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c37125b6da80433522b7021164ada41

SHA1
5b7566fcaeadbc926cefd6d015370a81face3782

SHA256
3fb9bb8b1539331d79e6e0cff5d83b5a408d0ad4d1f2e62de8e3651a92e7dbdd

SHA512
95ca1c93f451907aca2aa556159c6a62fa2c99c3e7b1ed04b5c8b16c5309cd831b439cfba9bc246a4c9a9b2a6f2ba955166eea05806d8aef7d528b5f858cb6b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
acff12cd31ba91c5048c4473f8db71d5

SHA1
8b2f0d6a46fcddbea18dd710dccab6344573fa5b

SHA256
72f7b9b300124da8d59e8476867ea879b4c6e8e10b236d197fcff0c6b85cc986

SHA512
6c0fe9ed769f91bb7359df72cc07f9054f2f4e7f65603818c90fcbb30c344cc102dfb975f938b5cfd4a7481f1cdbfe4ab86ecf1c091194ba7fbabafa244eeee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d8bd05f88ff58a0cf89e3750ed1705db

SHA1
38409b326b53aa5b7a28250d7659fd88d129e14f

SHA256
78381e4e98a222ba20f45a5b886c44636c164fee085d99d2e93064de2d85d163

SHA512
09f0ea32af6782f77bc65b012bf2e847fcc4cab503251ab0ecbb2a0f84798328685bc3dee56271c41603576b8d7c08b174447093b586b05d4111c39c1fc3e536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5840dc.TMP

Filesize
371B

MD5
a6b3c34e70c5e45e43026c1c0264b876

SHA1
db9532eecd093c3e3552e997dacb2974946cae65

SHA256
752ba36c205dbcb3727f8c6c7d9af0baf0341d0d8d1dd5d58a880fda99d991de

SHA512
087fe1a4c58960b1e4ceb67e56f76aeea509fba54218bfe7f03dd2d10d8956a536de07967cca1a8664e969f2aa22a6d63bfe90c29a5fb0a078c119037f5b0927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ccbdca445c42f59abd276f2f5de1edc5

SHA1
e39d7b9f00666a9a2f193b110bc018cb722fa6d5

SHA256
c079eae6fccd57b63eaebd5d159b866d1da7fd8e3742391e5bb7d4ec4affe95c

SHA512
302c90ab40c880a78e803ca7bb05cc9d7d1d112e7c69666da3c8ff8ce4de1cebc66a91de57645f7db7231c433080cafcd2f6f76694ec9aeaa856991dc2fb453f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ee3be256afb7a14c2484952158595061

SHA1
0ed801beafc1464ddb9f75c48e09a5b3092f4b2e

SHA256
d713648a30ba8cec2adabb68f399d4aaf1e03638247d41b9169e40795c75ff9e

SHA512
8c96bc12a6502031c08e1d0ffe18ef72796a351102ae1ef8014cc1749abfc2f0bf77d038a1722f475647c5977a34d2dc62aa83e8a6d0ddedc7b61abd5f1f32f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ae86c5474068dc6d4bf4fd3a139762a

SHA1
8a01ab2e60c662c2f3198693ad074c42b5a3ce3b

SHA256
1cab83de5caf92d4ff646797669c2a96641ec5d2ebf780a2b03e6cee2b388113

SHA512
d8d15550c959c821a853a3b84409cc19e53e0922bb1134a9830464fb096e181f6bf8cc3d6e92c564e27866da0939940226667cd38744bcc878cb4d60f177b5dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b199df5b8edb8eaafd5ca65080ba47b2

SHA1
8056d0c8351de71b6e4e3a5cc1c473e54a957692

SHA256
ee44e31dc0c911298c2d7640324ba768cbedce5826555db6b5549e62346f227f

SHA512
1395cc3d260edd366afe21d230a990b14c221f32a27695f5bd8f8d702fa9a293d2056cfd486a1d581c2da71394703db2a74607e1300f0f3745d82a1ccf612c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
35aa591818d665e34d6c520968072c49

SHA1
83d7b3158eefb0654e9bc07a5833aeb2c8e0243f

SHA256
65b03321d2ec59b0563ca2214cc90e9afa4cbc797679b5e5eba98242f7c24a6f

SHA512
7b85eb648f6802a12346b8b62035acdbcba929526b34a9884c7b561c7c6f27f9c996132308ca49f1acafd67979ec949074c9092eb3886247598e618ae63daf1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d1865d198f2e3e481aa6d524fcdc6d0

SHA1
b6ad1281212d10a01d1b8b55c3d37f1f8f1366e5

SHA256
cd8854a8d4540cc37213443a52572737e62b2d3d6b5a144b3899abf4bb229cbb

SHA512
4f2426e7ce05aead6747a2bd01193b3be8faa3bb9169735115a4ceb36a17d49ba102312bec3860cd5e6f4b5191347f82a3fc08949ecdd0430573a51c08001303

Download Submit
C:\Users\Admin\AppData\Local\Steam\cefdata\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Cache\Cache_Data\f_00000a

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
0858871c4e6bd3b3457e7b132c05c1a4

SHA1
2552450e03196a8dda340016a2eeb3a98798fc13

SHA256
de7d2c175cac4310e38f2c873ba623a642449cd7eabf53ae7af82e8fb2aa7616

SHA512
3523a58fe02b2282916e3f7c479a06c3028e56dbd50581d045234eeefaad5d6404f023bd0ceca218a4986911ad2318e3ac4d4bfee19f228c19cc8bf19359716f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9d4ed2238651e8412d6344bae98707c4

SHA1
c1023152475e1774d71998e2cedea83c750127b6

SHA256
248beb4d4e9c5fc3156a76b871240342363705ff5e3ed5749661f8ed8a95c147

SHA512
473f687dbdb5233d5090ce9649ea4e68b8b81a94977b7396fda87a58af767f15b154a3d14e96ebd1b9a5bfbf1b944903bc22dee88c38f4e16dea6bd8932a912b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Code Cache\js\index-dir\the-real-index~RFe5b8615.TMP

Filesize
48B

MD5
936fbaad8fa4f90f7cd756f62a329e9c

SHA1
3ef97b9f394117b6f622ba2caceed951e1b4728b

SHA256
4ed9093b40ba5c63c7b5f59e0064ce187e9662219c8f68e1f98c9d5f3140eb4f

SHA512
3af8d5ccd031a5a58a1d36501fd9c17307ec8688dca50da4a329b09f71f67a49e5f6e481cb5d464002fa2aaee122e9c4346d7cde875a645a08042b3cc79bd26f

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
700B

MD5
f6eab37038778419be08c207650b2f64

SHA1
1f7e0425de64b1dff9c62c8c8817a96a110bc210

SHA256
8952f5f7bf9d0bae70eba34592d6450403214efefd61e9cd9fead57cf9ceca39

SHA512
912a595b4f2e30f5a9fdba03d2a34367c5f75cb740e61309548117745342c0b7800863fa075fc77ea22cea9f46a21935725dd6d5d2eb715835264615e0ff137e

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json

Filesize
795B

MD5
a224e8fbf1dfac729b508f296c6f1472

SHA1
b9422eb42d25abe2c702e892bda6c0c3b05a35cd

SHA256
41a7e3e20245285153b852c261e095b1212ed3cbcd69b57b859425b56f255c0a

SHA512
4bdd6b786452a68c48ba2bd7c4550172590eed9a6a9ea915a8846f2c40ab55337ca4136091009d6f2cea1c71670b59608f6e1c2780902c2974c8484b7c7a2963

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\LocalPrefs.json~RFe5c4369.TMP

Filesize
484B

MD5
f51bdc8e340b5fb50174b3cdf93c52a5

SHA1
d15f9f5fc181ed2536b2983efe4fea40fa2a09c6

SHA256
4aaa0128427aa1e6707f8ed69985e5292a1098fae2a7f04516f6635a8859a5b4

SHA512
e93ebd1a5bf592eed0180fcd2c1ad07432c9503a50b313c736abcae972eabeb8aefdbf1f531535b645db85f1918c849d2836e7a9e5c7c61d43b39dd794b8b5c7

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
1KB

MD5
debfe60f111b1a0eee221baaa88ed25c

SHA1
02fcafbab20f23c3ba4b0f6a5b2f0d461d6f479d

SHA256
fb334ee5be41748b9135796a0b2e2bf2fdd0b7e7fcb69718f26d45110cc75af6

SHA512
b1a1b788af4aa57ad4055eb1b3fd9daced9ef6af6a2db91ee664bec13cc477dd65b518b1f5d018a814edda8c9cf31dc33f7c48242f485fe8d00ace87c816b97a

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State

Filesize
784B

MD5
dbcbf8f9b85f08b73ce5bd3833d4f35b

SHA1
94a974ad83a3d0500ada033b8adab267485bd865

SHA256
76e163861a46dfdf68a1ba3aa17fed0acd9e29b50bf69b98a7d815f5164b9133

SHA512
ed611804c0194755f69e2bef5753ff9019d2fbcb698692b0091e16853c1e4329ac1a0771da31cb064846243bd7b210ff172c0b0b502d8a18295a9151a6c6ca99

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\Network Persistent State~RFe5c6e23.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
370B

MD5
89dd17689a7b99a23b279a9370b295cc

SHA1
4dd086a13988803928b986ab86a44dfc49ad2281

SHA256
8ec5609fc347d221d34c0f7dbbec5753a2bf6639a83c5960d799ae5059f0e5c7

SHA512
4b01c27396272253c757175fde704072c50ab48825b35962f366dcf8bd81a9e7740c583d756708bc2c541998ad8f05d1e0dd3a628d50a8b6a2f71c12d973b31d

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity

Filesize
370B

MD5
558af1632f2172dbb3bb6f6875a95a59

SHA1
4183bc624b4a8d6f65ec22457dff5db70aa19bdd

SHA256
6fbb7747bbffd5a9b90a39096fbd2e113c54147923c90c248547523538050b23

SHA512
01c021f0440d9494cf49bdc06a00a7d4690fe1584828c1bcb2e592cf07af1d3b0455c1f4fc3196f5ad764c7666f8e3d76c37a789758299ba841258b3dceb2f97

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\Network\TransportSecurity~RFe5f408c.TMP

Filesize
201B

MD5
1bc17ce6c5c59c413dc48d6e3aa21747

SHA1
eae2ac63e36ed3626258faf87283b3e830979b44

SHA256
3351586018f6f60bc49fb879787915c69fc483e46978e1d1f3c5f31be76ae46a

SHA512
df477850b5dca24b46dc24b475a07442e6b2dd588fe40797259601e418e9a780a1eb7b79df67403e136503ad2d7448ea3cf925b624ec86a2c07f264646a1d8da

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json

Filesize
1KB

MD5
b136c5f1ce995a0d99a2fe40ed0b6eac

SHA1
1530dd8baa4a0a3898454c08fe867b0ec4ef9a34

SHA256
6453f9a29d3c13057696663b3eee02f933f25c0978309cb65b5456e46c50ef21

SHA512
e4636c762c07a07780c1592c9fa268e33cfdb3701d2fbb6b67d78ffc74424129af0cccdb903c02840fc8c7ba76493932274d5b641bcc271d08ea7e6f700ddab5

Download Submit
C:\Users\Admin\AppData\Local\Steam\htmlcache\UserPrefs.json~RFe5b940f.TMP

Filesize
1KB

MD5
8ba8aa9a23cb26f4d8bf25d4dbe84138

SHA1
96a0e6d05c1d9cc7b2631ae015353bc2538daba8

SHA256
7a0e3f37be9b9858c184099962ff9bf612c6a5136eb7a059af03355847bdaeb2

SHA512
4fae13c82999eb689a60b5aaa897b041b692ecc4de66ed7ce38954055392793cb712c7d8e5b77a0687468ff951a8dbcfca72ba7fe8d0c67a8e96d2488fa75777

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5A04.tmp\StdUtils.dll

Filesize
110KB

MD5
db11ab4828b429a987e7682e495c1810

SHA1
29c2c2069c4975c90789dc6d3677b4b650196561

SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5A04.tmp\System.dll

Filesize
22KB

MD5
a36fbe922ffac9cd85a845d7a813f391

SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a

SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5A04.tmp\modern-wizard.bmp

Filesize
150KB

MD5
3614a4be6b610f1daf6c801574f161fe

SHA1
6edee98c0084a94caa1fe0124b4c19f42b4e7de6

SHA256
16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b

SHA512
06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5A04.tmp\nsDialogs.dll

Filesize
20KB

MD5
4e5bc4458afa770636f2806ee0a1e999

SHA1
76dcc64af867526f776ab9225e7f4fe076487765

SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5A04.tmp\nsExec.dll

Filesize
17KB

MD5
2095af18c696968208315d4328a2b7fe

SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568

SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5A04.tmp\nsProcess.dll

Filesize
15KB

MD5
08072dc900ca0626e8c079b2c5bcfcf3

SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

Download Submit
C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 267820.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/5808-13806-0x0000000000B10000-0x0000000000FC2000-memory.dmp

Filesize
4.7MB

Download
memory/8548-14319-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14586-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14604-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14637-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14618-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14627-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14134-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14539-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14632-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14576-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14560-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8548-14544-0x00000000702F0000-0x0000000071669000-memory.dmp

Filesize
19.5MB

Download
memory/8724-14191-0x000001F5EEC10000-0x000001F5EECBF000-memory.dmp

Filesize
700KB

Download
memory/9328-13857-0x00007FFF77A70000-0x00007FFF77A71000-memory.dmp

Filesize
4KB

Download
memory/9328-14280-0x00000224B51A0000-0x00000224B523E000-memory.dmp

Filesize
632KB

Download
memory/9328-13856-0x00007FFF77080000-0x00007FFF77081000-memory.dmp

Filesize
4KB

Download
memory/9384-14281-0x000002CD88C10000-0x000002CD88CAE000-memory.dmp

Filesize
632KB

Download
memory/9384-14282-0x000002CD89330000-0x000002CD893DF000-memory.dmp

Filesize
700KB

Download
memory/14048-14640-0x000001BEAA9E0000-0x000001BEAA9E1000-memory.dmp

Filesize
4KB

Download
memory/14048-14639-0x000001BEAA9E0000-0x000001BEAA9E1000-memory.dmp

Filesize
4KB

Download